Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer hacked


  • Please log in to reply

#1
janji

janji

    Member

  • Member
  • PipPipPip
  • 210 posts
Hi
 
I've come to this forum before and thought my problem was solved but recently found out that someone seems to have accses to where I go online and he uses this info to help harrass me. I also think he might have hacked into my YouTube channel and possibly my Google account despite me having changed passwords and using Keyword Scrambler and Roboform.

From something he posted I suspect that he(and his buddy)also knows that I visited this forum. I'd be very grateful if you guys could help me out.
Thanks xx
 
I'm using Windows 7, 32- bit Operating system, AMD Athlon( tm) II P320 dual Core Process 2.10 GHz.
 
Here my OTL scan
 
OTL logfile created on: 09/02/2015 12:18:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.50 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 43.43% Memory free
6.99 Gb Paging File | 4.75 Gb Available in Paging File | 67.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.73 Gb Total Space | 123.28 Gb Free Space | 54.86% Space Free | Partition Type: NTFS
Drive D: | 628.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 73.36 Gb Total Space | 58.23 Gb Free Space | 79.38% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/09 12:17:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2015/02/08 13:37:42 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
PRC - [2015/01/23 11:37:02 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/12/21 11:21:24 | 000,110,160 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/18 17:13:16 | 001,676,344 | ---- | M] (Spotify Ltd) -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/12/11 11:36:04 | 000,089,864 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2014/12/11 11:34:48 | 000,217,864 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hp\Common\HpDeviceDetection3.exe
PRC - [2014/12/09 04:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/10/29 23:25:46 | 004,673,432 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/10/29 17:18:30 | 004,826,904 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/10/26 15:52:28 | 000,508,744 | ---- | M] (QFX Software Corporation) -- C:\Program Files\KeyScrambler\KeyScrambler.exe
PRC - [2014/08/22 17:54:49 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2014/08/01 14:11:23 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/08/01 14:08:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/17 00:32:48 | 000,919,040 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
PRC - [2014/05/16 23:34:14 | 000,430,344 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2014/04/09 14:13:04 | 000,279,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
PRC - [2014/01/10 06:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/11/04 13:42:10 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2013/11/04 13:42:08 | 000,660,184 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2013/11/04 13:42:08 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2013/09/24 12:49:26 | 029,395,264 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe
PRC - [2013/01/11 06:31:55 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/10/03 19:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
PRC - [2011/06/05 19:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/20 00:56:14 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/09/20 00:55:48 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/02/05 09:50:20 | 000,907,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
PRC - [2010/02/05 09:50:20 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/07/14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/02/07 01:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005/08/23 20:00:48 | 000,430,080 | ---- | M] (J. Eric Vaughan) -- C:\Program Files\Stay On Top\StayOnTop.exe
PRC - [2000/01/01 01:00:00 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/09 11:57:17 | 000,043,008 | ---- | M] () -- c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfaclmg.dll
MOD - [2015/01/23 11:37:32 | 003,925,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/10/22 01:22:50 | 000,750,080 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2014/10/22 01:22:50 | 000,047,616 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014/10/22 01:22:48 | 000,863,744 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2014/10/22 01:22:46 | 000,200,704 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2014/08/01 14:08:53 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/08/01 14:08:48 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/05/12 10:49:04 | 000,260,608 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_06.dll
MOD - [2014/01/10 06:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/10 06:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007/09/21 02:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe -- (ArcService)
SRV - [2015/02/05 20:20:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/23 11:37:25 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/11 11:36:04 | 000,089,864 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/11/22 02:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/08/22 17:54:49 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2014/08/01 14:08:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/07/26 16:40:55 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
SRV - [2014/05/17 01:44:24 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2014/05/17 00:32:48 | 000,919,040 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2014/05/16 23:34:14 | 000,430,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2014/04/09 14:12:50 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/11/04 13:42:10 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/11/04 13:42:08 | 000,660,184 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/07/12 23:34:05 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/24 21:49:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/10/03 19:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SPDFCreatorReadSpool)
SRV - [2010/09/20 00:55:48 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/16 05:12:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/05 09:50:20 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/02/07 01:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2000/01/01 01:00:00 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva409.sys -- (XDva409)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva405.sys -- (XDva405)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\_MEI20402\drivers\winpmem32.sys -- (pmem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2015/02/09 11:56:21 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2014/11/22 01:40:32 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/08/01 14:11:17 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/08/01 14:08:57 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/08/01 14:08:57 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/08/01 14:08:57 | 000,071,944 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2014/08/01 14:08:57 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/08/01 14:08:57 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/08/01 14:08:57 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/05/17 03:33:08 | 000,039,624 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2014/05/17 01:41:54 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/12/04 22:34:14 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2013/11/04 13:42:02 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2013/10/28 01:12:12 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/10/02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/08/25 21:17:26 | 003,234,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2013/05/31 15:53:18 | 000,209,016 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2013/05/22 17:49:34 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013/04/03 08:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/10/23 23:39:46 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/07/20 11:12:36 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/07/20 11:11:58 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/07 10:20:08 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/09/20 01:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/09/20 01:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/09/19 18:20:44 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/07/27 14:27:41 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)
DRV - [2010/06/22 03:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2000/01/01 01:00:00 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2000/01/01 01:00:00 | 000,197,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.mystartse...q={searchTerms}
IE - HKCU\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://www.mystartse...q={searchTerms}
IE - HKCU\..\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}: "URL" = http://www.mystartse...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
 
========== FireFox ==========
 
FF - prefs.js..browser.search.hiddenOneOffs: "mystartsearch"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.searchengine.alias: "mystartsearch"
FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
FF - prefs.js..browser.search.searchengine.iconURL: "http://www.mystartse...eb/favicon.ico"
FF - prefs.js..browser.search.searchengine.name: "mystartsearch"
FF - prefs.js..browser.search.searchengine.ptid: "smt"
FF - prefs.js..browser.search.searchengine.uid: "ST9320423AS_5VH3ENV8"
FF - prefs.js..browser.search.searchengine.url: "http://www.mystartse...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "mystartsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: doubleclick2reloadtab%40linhph.com:1.0.1
FF - prefs.js..extensions.enabledAddons: firerainbow%40hildebrand.cz:1.5
FF - prefs.js..extensions.enabledAddons: %7B06997db0-c027-4d5f-bd37-b0d9230226ea%7D:0.63
FF - prefs.js..extensions.enabledAddons: %7Baede9b05-c23c-479b-a90e-9146ed62d377%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: duplicate-this-tab%40mozilla.org:1.3
FF - prefs.js..extensions.enabledAddons: passhash%40mozilla.wijjo.com:1.1.7
FF - prefs.js..extensions.enabledAddons: clearrecenthistory%40example.net:1.1.20
FF - prefs.js..extensions.enabledAddons: %7B15a7ef52-8a77-426e-9e17-e21af257d7c8%7D:1.8.5
FF - prefs.js..extensions.enabledAddons: amazononclick%40martin.schreiber:1.2
FF - prefs.js..extensions.enabledAddons: gmail_panel%40alejandrobrizuela.com.ar:1.1.1
FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.14
FF - prefs.js..extensions.enabledAddons: %7B73007fef-a6e0-47d3-b4e7-dfc116ed6f65%7D:1.15
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.6.5
FF - prefs.js..extensions.enabledAddons: simpletimer%40grbradt.org:2.0.3
FF - prefs.js..extensions.enabledAddons: %7BC0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9%7D:0.7.5
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.27
FF - prefs.js..extensions.enabledAddons: %7BFC5BAC7D-D696-4ba6-B913-CF8F000C33DF%7D:6.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.5.9
FF - prefs.js..extensions.enabledItems: {7F23E3F4-F72E-4f4f-8761-854C8942708F}:1.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.2006.53
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.172
FF - prefs.js..extensions.enabledItems: [email protected]:0.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.4
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/UCPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@siber.com/RoboForm: C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/06/29 10:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/06/29 10:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/08 08:32:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014/12/21 11:22:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/01/27 15:31:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.6.1\extensions\\Components: C:\Program Files\Pale Moon\components [2015/01/13 00:55:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.6.1\extensions\\Plugins: C:\Program Files\Pale Moon\plugins [2015/01/13 00:55:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 11:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014/12/21 11:22:03 | 000,000,000 | ---D | M]
 
[2014/07/21 14:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2014/07/21 14:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/08/05 16:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extension-data
[2014/08/05 16:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extension-data\[email protected]
[2015/02/09 00:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions
[2014/08/05 14:56:28 | 000,000,000 | ---D | M] (Remove Cookies for Site) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}
[2014/12/04 21:58:01 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2015/01/13 20:40:53 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2014/10/15 15:44:27 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2014/08/05 14:29:19 | 000,000,000 | ---D | M] (Add to Amazon Wish List Button) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2015/02/09 00:03:54 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2014/11/04 11:17:22 | 000,000,000 | ---D | M] (Clear Recent History... +) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2015/02/06 11:43:33 | 000,000,000 | ---D | M] (Blur (Formerly DoNotTrackMe)) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2014/08/05 14:56:28 | 000,000,000 | ---D | M] (Double-click To Reload Tab) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2014/08/05 14:56:28 | 000,000,000 | ---D | M] (FireRainbow) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2014/10/12 20:41:28 | 000,000,000 | ---D | M] ("Password Hasher") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2014/04/08 15:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack\[email protected]
[2014/04/08 15:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack\[email protected]\simple-storage
[2014/12/06 14:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack\[email protected]
[2014/12/06 14:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack\[email protected]\simple-storage
[2014/11/29 23:19:07 | 000,010,102 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2014/08/05 18:03:30 | 000,169,469 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2015/02/05 22:45:43 | 002,558,942 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2015/02/06 11:53:45 | 001,443,602 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2014/12/23 19:30:54 | 000,033,116 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2014/11/26 18:57:22 | 000,516,357 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2015/02/04 16:08:26 | 000,328,123 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2015/01/31 14:26:56 | 000,185,312 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\jid1-0FHdJAAQ7Nb73[email protected]
[2014/12/13 22:47:50 | 000,096,404 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2014/08/05 16:19:40 | 000,144,716 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2014/12/06 14:02:43 | 000,447,686 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2014/08/05 16:19:40 | 000,348,260 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2015/02/03 23:31:21 | 000,002,736 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2015/01/07 17:51:11 | 001,183,704 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2015/01/26 23:09:26 | 000,206,833 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2014/08/05 16:19:40 | 000,012,030 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2015/02/06 11:58:43 | 000,086,000 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi
[2014/11/25 22:58:48 | 000,268,530 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi
[2014/10/08 12:06:48 | 000,105,141 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi
[2015/02/06 12:00:12 | 000,050,602 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
[2015/01/10 19:23:25 | 000,013,127 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi
[2014/12/25 17:54:00 | 000,030,813 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2015/01/22 21:19:33 | 000,027,016 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi
[2014/08/05 18:03:30 | 000,002,245 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}.xpi
[2014/11/13 20:37:04 | 000,129,475 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi
[2015/02/03 17:27:24 | 000,224,629 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi
[2014/10/15 17:45:29 | 000,073,612 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2015/01/15 17:53:10 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/01/10 19:47:15 | 000,004,929 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\searchplugins\google-images.xml
[2013/06/14 21:21:43 | 000,000,910 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\searchplugins\yahoo.xml
[2015/02/06 22:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/02/06 22:33:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/01/27 15:31:32 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files\Mozilla Firefox\browser\extensions\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\6.0.12_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.12.2_0\
 
O1 HOSTS File: ([2014/01/31 13:01:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtkOSD] C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [NCPluginUpdater] c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Users\User\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5794603A-7296-4361-A208-8D2B25CE0365}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{922811CB-89F2-4B4F-B615-FB20EB03AB4A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/12/18 18:37:08 | 000,000,897 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O32 - AutoRun File - [2000/11/02 14:44:46 | 000,000,040 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/09 12:17:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2015/02/09 12:04:45 | 006,195,168 | ---- | C] (Hewlett-Packard Company                                     ) -- C:\Users\User\Desktop\sp45229.exe
[2015/02/09 12:04:30 | 044,135,360 | ---- | C] (Hewlett-Packard                                             ) -- C:\Users\User\Desktop\sp50718.exe
[2015/02/09 12:04:16 | 133,605,160 | ---- | C] (Hewlett-Packard                                             ) -- C:\Users\User\Desktop\sp49519.exe
[2015/02/09 11:52:43 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2015/02/09 11:52:43 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2015/02/09 11:52:42 | 001,640,992 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2015/02/09 11:52:42 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2015/02/09 11:52:42 | 000,057,376 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2015/02/09 11:52:41 | 002,622,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2015/02/09 11:52:41 | 000,371,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2015/02/09 11:52:41 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2015/02/09 11:52:41 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2015/02/09 11:52:41 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2015/02/09 11:52:41 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2015/02/09 11:52:41 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2015/02/09 11:52:41 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2015/02/09 11:52:39 | 000,145,760 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2015/02/09 11:52:39 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2015/02/09 02:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2015/02/09 02:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Hp
[2015/02/06 22:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2015/02/02 01:08:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\MMFApplications
[2015/02/02 00:57:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Five Nights at Freddy's DEMO
[2015/02/02 00:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Five Nights at Freddy's DEMO
[2015/01/27 15:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015/01/25 17:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2015/01/23 20:42:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2015/01/18 21:32:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\CafePress
[2015/01/18 16:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\paint.net
[2015/01/18 16:49:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\paint.net
[2015/01/18 15:04:40 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Imagina
[2015/01/18 15:01:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Planet Imagina
[2015/01/18 14:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2015/01/17 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FastStone
[2015/01/17 19:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
[2015/01/17 19:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Image Viewer
[2015/01/14 11:09:05 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015/01/14 11:09:04 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015/01/14 11:08:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2015/01/13 00:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2015/01/12 14:50:48 | 000,000,000 | R--D | C] -- C:\Users\User\Desktop\scrapBYE
[2015/01/12 14:11:48 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MyPaint
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/09 12:22:56 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/09 12:22:56 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/09 12:20:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/09 12:17:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2015/02/09 12:07:25 | 133,605,160 | ---- | M] (Hewlett-Packard                                             ) -- C:\Users\User\Desktop\sp49519.exe
[2015/02/09 12:05:21 | 044,135,360 | ---- | M] (Hewlett-Packard                                             ) -- C:\Users\User\Desktop\sp50718.exe
[2015/02/09 12:04:52 | 006,195,168 | ---- | M] (Hewlett-Packard Company                                     ) -- C:\Users\User\Desktop\sp45229.exe
[2015/02/09 11:57:22 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2015/02/09 11:56:21 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2015/02/09 11:54:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/09 11:54:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/09 11:54:28 | 2814,558,208 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/09 11:42:46 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/09 11:06:57 | 002,527,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/02/09 04:08:07 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/02/09 00:13:51 | 008,998,130 | ---- | M] () -- C:\Users\User\Desktop\Bryan Ferry - A Hard Rains A-Gonna Fall Official - YouTube.mp4
[2015/02/09 00:11:30 | 011,780,600 | ---- | M] () -- C:\Users\User\Desktop\Dana Fredsti.mp4
[2015/02/08 21:28:35 | 003,049,957 | ---- | M] () -- C:\Users\User\Desktop\2015-02-07 19.05.52.jpg
[2015/02/08 21:26:26 | 000,640,244 | ---- | M] () -- C:\Users\User\Desktop\2015-02-07 19.00.30.jpg
[2015/02/08 20:44:47 | 000,086,016 | -H-- | M] () -- C:\Users\User\Desktop\photothumb.db
[2015/02/08 18:33:06 | 002,728,696 | ---- | M] () -- C:\Users\User\Desktop\2015-02-08 01.10.01.jpg
[2015/02/08 18:31:17 | 003,952,133 | ---- | M] () -- C:\Users\User\Desktop\2015-02-08 01.08.42.jpg
[2015/02/08 13:34:49 | 000,697,506 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2015/02/08 13:34:49 | 000,662,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/02/08 13:34:49 | 000,384,248 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2015/02/08 13:34:49 | 000,149,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2015/02/08 13:34:49 | 000,122,470 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/02/08 13:34:49 | 000,119,918 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2015/02/07 15:05:01 | 008,749,661 | ---- | M] () -- C:\Users\User\Desktop\Bryan Ferry - A Hard Rain's A-Gonna Fall [Official].mp4
[2015/02/06 22:33:26 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/02/06 22:28:01 | 039,690,816 | ---- | M] () -- C:\Users\User\Desktop\Firefox Setup 35.0.1.exe
[2015/02/05 22:43:47 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/02/05 20:20:11 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015/02/05 20:20:11 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/02/05 01:40:59 | 015,795,631 | ---- | M] () -- C:\Users\User\Desktop\Hollywood Undead - Outside (Official Lyric Video).mp4
[2015/02/05 01:32:35 | 020,690,486 | ---- | M] () -- C:\Users\User\Desktop\Jes Ebrahim - Keamanan (Promo MV).mp4
[2015/02/04 22:16:16 | 000,245,131 | ---- | M] () -- C:\Users\User\Desktop\Aldrin_Apollo_11_cropped.jpg
[2015/02/03 17:16:41 | 3869,692,740 | ---- | M] () -- C:\Users\User\Documents\User-PcMediaIDbin.zip
[2015/02/02 00:57:26 | 000,001,095 | ---- | M] () -- C:\Users\User\Desktop\Five Nights at Freddy's DEMO.lnk
[2015/01/28 23:19:31 | 000,303,498 | ---- | M] () -- C:\Users\User\Desktop\14860158820_a7d3ab7cd9_z.jpg
[2015/01/27 01:58:33 | 004,001,425 | ---- | M] () -- C:\Users\User\Desktop\Cintamu Mekar Di Hati - MAY _ HQ   Lirik.mp3
[2015/01/27 01:57:44 | 000,001,069 | ---- | M] () -- C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk
[2015/01/26 20:48:40 | 000,002,225 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/26 20:48:40 | 000,001,134 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/01/25 17:10:59 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2015/01/25 17:10:50 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2015/01/25 17:10:50 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2015/01/25 17:10:49 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2015/01/19 21:19:27 | 009,498,677 | ---- | M] () -- C:\Users\User\Desktop\14426030064_955dc6e406_o.jpg
[2015/01/18 16:50:29 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\paint.net.lnk
[2015/01/18 15:32:39 | 000,003,045 | ---- | M] () -- C:\Users\User\AppData\Local\recently-used.xbel
[2015/01/18 14:33:53 | 000,001,007 | ---- | M] () -- C:\Users\User\Desktop\GIMP 2.lnk
[2015/01/17 19:56:01 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2015/01/14 02:00:47 | 003,473,795 | ---- | M] () -- C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/09 11:52:48 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2015/02/09 00:13:50 | 008,998,130 | ---- | C] () -- C:\Users\User\Desktop\Bryan Ferry - A Hard Rains A-Gonna Fall Official - YouTube.mp4
[2015/02/09 00:11:28 | 011,780,600 | ---- | C] () -- C:\Users\User\Desktop\Dana Fredsti.mp4
[2015/02/08 18:27:52 | 000,640,244 | ---- | C] () -- C:\Users\User\Desktop\2015-02-07 19.00.30.jpg
[2015/02/08 18:27:39 | 002,728,696 | ---- | C] () -- C:\Users\User\Desktop\2015-02-08 01.10.01.jpg
[2015/02/08 18:27:19 | 003,952,133 | ---- | C] () -- C:\Users\User\Desktop\2015-02-08 01.08.42.jpg
[2015/02/08 13:32:28 | 003,049,957 | ---- | C] () -- C:\Users\User\Desktop\2015-02-07 19.05.52.jpg
[2015/02/07 15:04:55 | 008,749,661 | ---- | C] () -- C:\Users\User\Desktop\Bryan Ferry - A Hard Rain's A-Gonna Fall [Official].mp4
[2015/02/06 22:33:26 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/02/06 22:33:26 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/02/06 22:27:46 | 039,690,816 | ---- | C] () -- C:\Users\User\Desktop\Firefox Setup 35.0.1.exe
[2015/02/05 01:40:47 | 015,795,631 | ---- | C] () -- C:\Users\User\Desktop\Hollywood Undead - Outside (Official Lyric Video).mp4
[2015/02/05 01:31:40 | 020,690,486 | ---- | C] () -- C:\Users\User\Desktop\Jes Ebrahim - Keamanan (Promo MV).mp4
[2015/02/05 00:06:16 | 000,038,777 | ---- | C] () -- C:\Users\User\Desktop\in bread.jpg
[2015/02/04 22:16:14 | 000,245,131 | ---- | C] () -- C:\Users\User\Desktop\Aldrin_Apollo_11_cropped.jpg
[2015/02/03 17:14:23 | 3869,692,740 | ---- | C] () -- C:\Users\User\Documents\User-PcMediaIDbin.zip
[2015/02/02 00:57:26 | 000,001,095 | ---- | C] () -- C:\Users\User\Desktop\Five Nights at Freddy's DEMO.lnk
[2015/01/28 23:08:16 | 000,303,498 | ---- | C] () -- C:\Users\User\Desktop\14860158820_a7d3ab7cd9_z.jpg
[2015/01/27 01:58:21 | 004,001,425 | ---- | C] () -- C:\Users\User\Desktop\Cintamu Mekar Di Hati - MAY _ HQ   Lirik.mp3
[2015/01/27 01:57:44 | 000,001,069 | ---- | C] () -- C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk
[2015/01/19 21:19:13 | 009,498,677 | ---- | C] () -- C:\Users\User\Desktop\14426030064_955dc6e406_o.jpg
[2015/01/18 16:50:29 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
[2015/01/18 16:50:29 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\paint.net.lnk
[2015/01/18 15:32:39 | 000,003,045 | ---- | C] () -- C:\Users\User\AppData\Local\recently-used.xbel
[2015/01/18 14:33:53 | 000,001,007 | ---- | C] () -- C:\Users\User\Desktop\GIMP 2.lnk
[2015/01/18 14:32:19 | 000,001,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2015/01/17 19:56:01 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2015/01/14 02:00:39 | 003,473,795 | ---- | C] () -- C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3
[2014/11/15 21:33:44 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2014/11/15 21:33:43 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2014/11/15 21:33:43 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2014/08/01 14:10:54 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/03/22 17:33:37 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsvousb.sys.dump
[2014/03/22 17:33:37 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsnmea.sys.dump
[2014/03/22 17:33:37 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsmdm.sys.dump
[2014/03/22 17:33:37 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsdiag.sys.dump
[2014/03/22 17:33:36 | 000,155,136 | ---- | C] () -- C:\Windows\System32\drivers\WUDFRd.sys.dump
[2014/03/22 17:33:36 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsat.sys.dump
[2014/03/22 17:33:36 | 000,066,560 | ---- | C] () -- C:\Windows\System32\drivers\WUDFPf.sys.dump
[2014/03/22 17:33:36 | 000,016,384 | ---- | C] () -- C:\Windows\System32\drivers\ws2ifsl.sys.dump
[2014/03/22 17:33:36 | 000,014,912 | ---- | C] () -- C:\Windows\System32\drivers\wmilib.sys.dump
[2014/03/22 17:33:35 | 000,043,392 | ---- | C] () -- C:\Windows\System32\drivers\winhv.sys.dump
[2014/03/22 17:33:35 | 000,035,968 | ---- | C] () -- C:\Windows\System32\drivers\winusb.sys.dump
[2014/03/22 17:33:35 | 000,019,008 | ---- | C] () -- C:\Windows\System32\drivers\wimmount.sys.dump
[2014/03/22 17:33:35 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\wmiacpi.sys.dump
[2014/03/22 17:33:35 | 000,009,728 | ---- | C] () -- C:\Windows\System32\drivers\wfplwf.sys.dump
[2014/03/22 17:33:34 | 000,527,064 | ---- | C] () -- C:\Windows\System32\drivers\Wdf01000.sys.dump
[2014/03/22 17:33:34 | 000,047,720 | ---- | C] () -- C:\Windows\System32\drivers\WdfLdr.sys.dump
[2014/03/22 17:33:34 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\watchdog.sys.dump
[2014/03/22 17:33:34 | 000,019,024 | ---- | C] () -- C:\Windows\System32\drivers\wd.sys.dump
[2014/03/22 17:33:33 | 000,063,488 | ---- | C] () -- C:\Windows\System32\drivers\wanarp.sys.dump
[2014/03/22 17:33:33 | 000,021,632 | ---- | C] () -- C:\Windows\System32\drivers\wacompen.sys.dump
[2014/03/22 17:33:33 | 000,014,336 | ---- | C] () -- C:\Windows\System32\drivers\vwifimp.sys.dump
[2014/03/22 17:33:32 | 000,297,040 | ---- | C] () -- C:\Windows\System32\drivers\volmgrx.sys.dump
[2014/03/22 17:33:32 | 000,245,632 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys.dump
[2014/03/22 17:33:32 | 000,141,904 | ---- | C] () -- C:\Windows\System32\drivers\vsmraid.sys.dump
[2014/03/22 17:33:32 | 000,048,128 | ---- | C] () -- C:\Windows\System32\drivers\vwififlt.sys.dump
[2014/03/22 17:33:32 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\vwifibus.sys.dump
[2014/03/22 17:33:31 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\volmgr.sys.dump
[2014/03/22 17:33:31 | 000,040,704 | ---- | C] () -- C:\Windows\System32\drivers\vmstorfl.sys.dump
[2014/03/22 17:33:31 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\VMBusHID.sys.dump
[2014/03/22 17:33:31 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\vms3cap.sys.dump
[2014/03/22 17:33:30 | 000,175,360 | ---- | C] () -- C:\Windows\System32\drivers\vmbus.sys.dump
[2014/03/22 17:33:30 | 000,111,616 | ---- | C] () -- C:\Windows\System32\drivers\videoprt.sys.dump
[2014/03/22 17:33:30 | 000,053,328 | ---- | C] () -- C:\Windows\System32\drivers\VIAAGP.SYS.dump
[2014/03/22 17:33:30 | 000,052,736 | ---- | C] () -- C:\Windows\System32\drivers\viac7.sys.dump
[2014/03/22 17:33:30 | 000,016,976 | ---- | C] () -- C:\Windows\System32\drivers\viaide.sys.dump
[2014/03/22 17:33:29 | 000,160,128 | ---- | C] () -- C:\Windows\System32\drivers\vhdmp.sys.dump
[2014/03/22 17:33:29 | 000,032,832 | ---- | C] () -- C:\Windows\System32\drivers\vdrvroot.sys.dump
[2014/03/22 17:33:29 | 000,026,112 | ---- | C] () -- C:\Windows\System32\drivers\vgapnp.sys.dump
[2014/03/22 17:33:29 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\vga.sys.dump
[2014/03/22 17:33:28 | 000,146,816 | ---- | C] () -- C:\Windows\System32\drivers\usbvideo.sys.dump
[2014/03/22 17:33:28 | 000,076,288 | ---- | C] () -- C:\Windows\System32\drivers\USBSTOR.SYS.dump
[2014/03/22 17:33:28 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\usbuhci.sys.dump
[2014/03/22 17:33:27 | 000,284,672 | ---- | C] () -- C:\Windows\System32\drivers\usbport.sys.dump
[2014/03/22 17:33:27 | 000,026,112 | ---- | C] () -- C:\Windows\System32\drivers\usbrpm.sys.dump
[2014/03/22 17:33:27 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\usbohci.sys.dump
[2014/03/22 17:33:27 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\usbprint.sys.dump
[2014/03/22 17:33:26 | 000,258,560 | ---- | C] () -- C:\Windows\System32\drivers\usbhub.sys.dump
[2014/03/22 17:33:26 | 000,086,016 | ---- | C] () -- C:\Windows\System32\drivers\usbcir.sys.dump
[2014/03/22 17:33:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\drivers\usbehci.sys.dump
[2014/03/22 17:33:26 | 000,006,016 | ---- | C] () -- C:\Windows\System32\drivers\usbd.sys.dump
[2014/03/22 17:33:25 | 000,076,288 | ---- | C] () -- C:\Windows\System32\drivers\usbccgp.sys.dump
[2014/03/22 17:33:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\drivers\usbaapl.sys.dump
[2014/03/22 17:33:25 | 000,025,856 | ---- | C] () -- C:\Windows\System32\drivers\USBCAMD2.sys.dump
[2014/03/22 17:33:25 | 000,025,856 | ---- | C] () -- C:\Windows\System32\drivers\USBCAMD.sys.dump
[2014/03/22 17:33:25 | 000,015,872 | ---- | C] () -- C:\Windows\System32\drivers\usb8023.sys.dump
[2014/03/22 17:33:24 | 000,246,784 | ---- | C] () -- C:\Windows\System32\drivers\udfs.sys.dump
[2014/03/22 17:33:24 | 000,057,424 | ---- | C] () -- C:\Windows\System32\drivers\ULIAGPKX.SYS.dump
[2014/03/22 17:33:24 | 000,039,936 | ---- | C] () -- C:\Windows\System32\drivers\umbus.sys.dump
[2014/03/22 17:33:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\umpass.sys.dump
[2014/03/22 17:33:23 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\tunnel.sys.dump
[2014/03/22 17:33:23 | 000,055,888 | ---- | C] () -- C:\Windows\System32\drivers\UAGP35.SYS.dump
[2014/03/22 17:33:22 | 000,200,976 | ---- | C] () -- C:\Windows\System32\drivers\tmcomm.sys.dump
[2014/03/22 17:33:22 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\termdd.sys.dump
[2014/03/22 17:33:22 | 000,049,664 | ---- | C] () -- C:\Windows\System32\drivers\TsUsbFlt.sys.dump
[2014/03/22 17:33:22 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\tssecsrv.sys.dump
[2014/03/22 17:33:21 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys.dump
[2014/03/22 17:33:21 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\tcpipreg.sys.dump
[2014/03/22 17:33:21 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\tdtcp.sys.dump
[2014/03/22 17:33:21 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\tdi.sys.dump
[2014/03/22 17:33:21 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\tdpipe.sys.dump
[2014/03/22 17:33:20 | 001,294,272 | ---- | C] () -- C:\Windows\System32\drivers\tcpip.sys.dump
[2014/03/22 17:33:20 | 000,037,064 | ---- | C] () -- C:\Windows\System32\drivers\taphss6.sys.dump
[2014/03/22 17:33:19 | 000,299,312 | ---- | C] () -- C:\Windows\System32\drivers\SynTP.sys.dump
[2014/03/22 17:33:19 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\taphss.sys.dump
[2014/03/22 17:33:19 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\tape.sys.dump
[2014/03/22 17:33:18 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys.dump
[2014/03/22 17:33:18 | 000,012,240 | ---- | C] () -- C:\Windows\System32\drivers\swenum.sys.dump
[2014/03/22 17:33:17 | 000,182,680 | ---- | C] () -- C:\Windows\System32\drivers\ssudmdm.sys.dump
[2014/03/22 17:33:17 | 000,148,864 | ---- | C] () -- C:\Windows\System32\drivers\storport.sys.dump
[2014/03/22 17:33:17 | 000,053,632 | ---- | C] () -- C:\Windows\System32\drivers\stream.sys.dump
[2014/03/22 17:33:17 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\storvsc.sys.dump
[2014/03/22 17:33:17 | 000,021,072 | ---- | C] () -- C:\Windows\System32\drivers\stexstor.sys.dump
[2014/03/22 17:33:16 | 000,311,808 | ---- | C] () -- C:\Windows\System32\drivers\srv.sys.dump
[2014/03/22 17:33:16 | 000,310,272 | ---- | C] () -- C:\Windows\System32\drivers\srv2.sys.dump
[2014/03/22 17:33:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\drivers\srvnet.sys.dump
[2014/03/22 17:33:16 | 000,083,864 | ---- | C] () -- C:\Windows\System32\drivers\ssudbus.sys.dump
[2014/03/22 17:33:15 | 000,405,504 | ---- | C] () -- C:\Windows\System32\drivers\spsys.sys.dump
[2014/03/22 17:33:15 | 000,071,168 | ---- | C] () -- C:\Windows\System32\drivers\smb.sys.dump
[2014/03/22 17:33:15 | 000,017,472 | ---- | C] () -- C:\Windows\System32\drivers\spldr.sys.dump
[2014/03/22 17:33:15 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\smclib.sys.dump
[2014/03/22 17:33:14 | 000,077,888 | ---- | C] () -- C:\Windows\System32\drivers\sisraid4.sys.dump
[2014/03/22 17:33:14 | 000,052,304 | ---- | C] () -- C:\Windows\System32\drivers\SISAGP.SYS.dump
[2014/03/22 17:33:14 | 000,040,016 | ---- | C] () -- C:\Windows\System32\drivers\sisraid2.sys.dump
[2014/03/22 17:33:14 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys.dump
[2014/03/22 17:33:13 | 000,013,824 | ---- | C] () -- C:\Windows\System32\drivers\sfloppy.sys.dump
[2014/03/22 17:33:13 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\sffp_sd.sys.dump
[2014/03/22 17:33:13 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\sffp_mmc.sys.dump
[2014/03/22 17:33:12 | 000,083,456 | ---- | C] () -- C:\Windows\System32\drivers\serial.sys.dump
[2014/03/22 17:33:12 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\sermouse.sys.dump
[2014/03/22 17:33:12 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\serenum.sys.dump
[2014/03/22 17:33:12 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\sffdisk.sys.dump
[2014/03/22 17:33:11 | 000,140,160 | ---- | C] () -- C:\Windows\System32\drivers\scsiport.sys.dump
[2014/03/22 17:33:11 | 000,085,376 | ---- | C] () -- C:\Windows\System32\drivers\sbp2port.sys.dump
[2014/03/22 17:33:11 | 000,084,992 | ---- | C] () -- C:\Windows\System32\drivers\sdbus.sys.dump
[2014/03/22 17:33:11 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\scfilter.sys.dump
[2014/03/22 17:33:11 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\secdrv.sys.dump
[2014/03/22 17:33:10 | 002,888,536 | ---- | C] () -- C:\Windows\System32\drivers\RTKVHDA.sys.dump
[2014/03/22 17:33:10 | 000,197,736 | ---- | C] () -- C:\Windows\System32\drivers\RtsUStor.sys.dump
[2014/03/22 17:33:09 | 000,394,856 | ---- | C] () -- C:\Windows\System32\drivers\Rt86win7.sys.dump
[2014/03/22 17:33:09 | 000,060,928 | ---- | C] () -- C:\Windows\System32\drivers\rspndr.sys.dump
[2014/03/22 17:33:09 | 000,033,280 | ---- | C] () -- C:\Windows\System32\drivers\RNDISMP.sys.dump
[2014/03/22 17:33:09 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\rootmdm.sys.dump
[2014/03/22 17:33:08 | 000,117,760 | ---- | C] () -- C:\Windows\System32\drivers\rmcast.sys.dump
[2014/03/22 17:33:07 | 000,183,808 | ---- | C] () -- C:\Windows\System32\drivers\rdpwd.sys.dump
[2014/03/22 17:33:07 | 000,173,440 | ---- | C] () -- C:\Windows\System32\drivers\rdyboost.sys.dump
[2014/03/22 17:33:07 | 000,129,536 | ---- | C] () -- C:\Windows\System32\drivers\rfcomm.sys.dump
[2014/03/22 17:33:07 | 000,027,136 | ---- | C] () -- C:\Windows\System32\drivers\RimSerial.sys.dump
[2014/03/22 17:33:07 | 000,014,848 | ---- | C] () -- C:\Windows\System32\drivers\rdpvideominiport.sys.dump
[2014/03/22 17:33:06 | 000,133,632 | ---- | C] () -- C:\Windows\System32\drivers\rdpdr.sys.dump
[2014/03/22 17:33:06 | 000,018,944 | ---- | C] () -- C:\Windows\System32\drivers\rdpbus.sys.dump
[2014/03/22 17:33:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\RDPREFMP.sys.dump
[2014/03/22 17:33:06 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\RDPENCDD.sys.dump
[2014/03/22 17:33:06 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\RDPCDD.sys.dump
[2014/03/22 17:33:05 | 000,242,688 | ---- | C] () -- C:\Windows\System32\drivers\rdbss.sys.dump
[2014/03/22 17:33:05 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\rasl2tp.sys.dump
[2014/03/22 17:33:05 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\raspppoe.sys.dump
[2014/03/22 17:33:05 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\rassstp.sys.dump
[2014/03/22 17:33:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\drivers\raspptp.sys.dump
[2014/03/22 17:33:04 | 001,383,488 | ---- | C] () -- C:\Windows\System32\drivers\ql2300.sys.dump
[2014/03/22 17:33:04 | 000,106,064 | ---- | C] () -- C:\Windows\System32\drivers\ql40xx.sys.dump
[2014/03/22 17:33:04 | 000,031,744 | ---- | C] () -- C:\Windows\System32\drivers\qwavedrv.sys.dump
[2014/03/22 17:33:04 | 000,011,776 | ---- | C] () -- C:\Windows\System32\drivers\rasacd.sys.dump
[2014/03/22 17:33:03 | 000,052,224 | ---- | C] () -- C:\Windows\System32\drivers\processr.sys.dump
[2014/03/22 17:33:03 | 000,015,544 | ---- | C] () -- C:\Windows\System32\drivers\psi_mf.sys.dump
[2014/03/22 17:33:02 | 000,586,752 | ---- | C] () -- C:\Windows\System32\drivers\PEAuth.sys.dump
[2014/03/22 17:33:02 | 000,180,288 | ---- | C] () -- C:\Windows\System32\drivers\pcmcia.sys.dump
[2014/03/22 17:33:02 | 000,177,152 | ---- | C] () -- C:\Windows\System32\drivers\portcls.sys.dump
[2014/03/22 17:33:02 | 000,043,088 | ---- | C] () -- C:\Windows\System32\drivers\pcw.sys.dump
[2014/03/22 17:33:01 | 000,153,984 | ---- | C] () -- C:\Windows\System32\drivers\pci.sys.dump
[2014/03/22 17:33:01 | 000,056,176 | ---- | C] () -- C:\Windows\System32\drivers\partmgr.sys.dump
[2014/03/22 17:33:01 | 000,042,560 | ---- | C] () -- C:\Windows\System32\drivers\pciidex.sys.dump
[2014/03/22 17:33:01 | 000,012,368 | ---- | C] () -- C:\Windows\System32\drivers\pciide.sys.dump
[2014/03/22 17:33:01 | 000,008,704 | ---- | C] () -- C:\Windows\System32\drivers\parvdm.sys.dump
[2014/03/22 17:33:00 | 000,267,264 | ---- | C] () -- C:\Windows\System32\drivers\nwifi.sys.dump
[2014/03/22 17:33:00 | 000,105,024 | ---- | C] () -- C:\Windows\System32\drivers\NV_AGP.SYS.dump
[2014/03/22 17:33:00 | 000,104,448 | ---- | C] () -- C:\Windows\System32\drivers\pacer.sys.dump
[2014/03/22 17:33:00 | 000,079,360 | ---- | C] () -- C:\Windows\System32\drivers\parport.sys.dump
[2014/03/22 17:33:00 | 000,062,464 | ---- | C] () -- C:\Windows\System32\drivers\ohci1394.sys.dump
[2014/03/22 17:32:59 | 001,211,752 | ---- | C] () -- C:\Windows\System32\drivers\ntfs.sys.dump
[2014/03/22 17:32:59 | 000,143,744 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys.dump
[2014/03/22 17:32:59 | 000,117,120 | ---- | C] () -- C:\Windows\System32\drivers\nvraid.sys.dump
[2014/03/22 17:32:59 | 000,004,608 | ---- | C] () -- C:\Windows\System32\drivers\null.sys.dump
[2014/03/22 17:32:58 | 000,044,624 | ---- | C] () -- C:\Windows\System32\drivers\nfrd960.sys.dump
[2014/03/22 17:32:58 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\npfs.sys.dump
[2014/03/22 17:32:58 | 000,016,896 | ---- | C] () -- C:\Windows\System32\drivers\nsiproxy.sys.dump
[2014/03/22 17:32:57 | 000,240,576 | ---- | C] () -- C:\Windows\System32\drivers\netio.sys.dump
[2014/03/22 17:32:57 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys.dump
[2014/03/22 17:32:57 | 000,048,640 | ---- | C] () -- C:\Windows\System32\drivers\ndproxy.sys.dump
[2014/03/22 17:32:57 | 000,036,352 | ---- | C] () -- C:\Windows\System32\drivers\netbios.sys.dump
[2014/03/22 17:32:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\drivers\ndiswan.sys.dump
[2014/03/22 17:32:56 | 000,046,080 | ---- | C] () -- C:\Windows\System32\drivers\ndisuio.sys.dump
[2014/03/22 17:32:56 | 000,027,136 | ---- | C] () -- C:\Windows\System32\drivers\ndiscap.sys.dump
[2014/03/22 17:32:56 | 000,020,992 | ---- | C] () -- C:\Windows\System32\drivers\ndistapi.sys.dump
[2014/03/22 17:32:55 | 000,712,048 | ---- | C] () -- C:\Windows\System32\drivers\ndis.sys.dump
[2014/03/22 17:32:55 | 000,049,728 | ---- | C] () -- C:\Windows\System32\drivers\mup.sys.dump
[2014/03/22 17:32:55 | 000,028,240 | ---- | C] () -- C:\Windows\System32\drivers\mssmbios.sys.dump
[2014/03/22 17:32:55 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\MTConfig.sys.dump
[2014/03/22 17:32:55 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\mstee.sys.dump
[2014/03/22 17:32:54 | 000,233,344 | ---- | C] () -- C:\Windows\System32\drivers\msiscsi.sys.dump
[2014/03/22 17:32:54 | 000,162,896 | ---- | C] () -- C:\Windows\System32\drivers\msrpc.sys.dump
[2014/03/22 17:32:54 | 000,008,320 | ---- | C] () -- C:\Windows\System32\drivers\mskssrv.sys.dump
[2014/03/22 17:32:54 | 000,005,888 | ---- | C] () -- C:\Windows\System32\drivers\mspclock.sys.dump
[2014/03/22 17:32:54 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\mspqm.sys.dump
[2014/03/22 17:32:53 | 000,116,096 | ---- | C] () -- C:\Windows\System32\drivers\msdsm.sys.dump
[2014/03/22 17:32:53 | 000,022,528 | ---- | C] () -- C:\Windows\System32\drivers\msfs.sys.dump
[2014/03/22 17:32:53 | 000,013,888 | ---- | C] () -- C:\Windows\System32\drivers\msisadrv.sys.dump
[2014/03/22 17:32:53 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\mshidkmdf.sys.dump
[2014/03/22 17:32:52 | 000,223,744 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb10.sys.dump
[2014/03/22 17:32:52 | 000,123,904 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb.sys.dump
[2014/03/22 17:32:52 | 000,096,768 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb20.sys.dump
[2014/03/22 17:32:52 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\msahci.sys.dump
[2014/03/22 17:32:51 | 000,130,432 | ---- | C] () -- C:\Windows\System32\drivers\mpio.sys.dump
[2014/03/22 17:32:51 | 000,115,712 | ---- | C] () -- C:\Windows\System32\drivers\mrxdav.sys.dump
[2014/03/22 17:32:51 | 000,078,208 | ---- | C] () -- C:\Windows\System32\drivers\mountmgr.sys.dump
[2014/03/22 17:32:51 | 000,060,416 | ---- | C] () -- C:\Windows\System32\drivers\mpsdrv.sys.dump
[2014/03/22 17:32:51 | 000,026,112 | ---- | C] () -- C:\Windows\System32\drivers\mouhid.sys.dump
[2014/03/22 17:32:50 | 000,235,584 | ---- | C] () -- C:\Windows\System32\drivers\MegaSR.sys.dump
[2014/03/22 17:32:50 | 000,041,552 | ---- | C] () -- C:\Windows\System32\drivers\mouclass.sys.dump
[2014/03/22 17:32:50 | 000,031,744 | ---- | C] () -- C:\Windows\System32\drivers\modem.sys.dump
[2014/03/22 17:32:50 | 000,030,800 | ---- | C] () -- C:\Windows\System32\drivers\megasas.sys.dump
[2014/03/22 17:32:50 | 000,023,552 | ---- | C] () -- C:\Windows\System32\drivers\monitor.sys.dump
[2014/03/22 17:32:50 | 000,012,072 | ---- | C] () -- C:\Windows\System32\drivers\MoborobAssDriver.sys.dump
[2014/03/22 17:32:49 | 000,034,432 | ---- | C] () -- C:\Windows\System32\drivers\mcvidrv.sys.dump
[2014/03/22 17:32:49 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\mcaudrv.sys.dump
[2014/03/22 17:32:49 | 000,022,856 | ---- | C] () -- C:\Windows\System32\drivers\mbam.sys.dump
[2014/03/22 17:32:49 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\mcd.sys.dump
[2014/03/22 17:32:49 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\massfilter_hs.sys.dump
[2014/03/22 17:32:48 | 000,096,848 | ---- | C] () -- C:\Windows\System32\drivers\lsi_scsi.sys.dump
[2014/03/22 17:32:48 | 000,089,168 | ---- | C] () -- C:\Windows\System32\drivers\lsi_sas.sys.dump
[2014/03/22 17:32:48 | 000,086,528 | ---- | C] () -- C:\Windows\System32\drivers\luafv.sys.dump
[2014/03/22 17:32:48 | 000,054,864 | ---- | C] () -- C:\Windows\System32\drivers\lsi_sas2.sys.dump
[2014/03/22 17:32:48 | 000,021,632 | ---- | C] () -- C:\Windows\System32\drivers\ManyCam.sys.dump
[2014/03/22 17:32:47 | 000,136,640 | ---- | C] () -- C:\Windows\System32\drivers\ksecpkg.sys.dump
[2014/03/22 17:32:47 | 000,095,824 | ---- | C] () -- C:\Windows\System32\drivers\lsi_fc.sys.dump
[2014/03/22 17:32:47 | 000,067,520 | ---- | C] () -- C:\Windows\System32\drivers\ksecdd.sys.dump
[2014/03/22 17:32:47 | 000,048,128 | ---- | C] () -- C:\Windows\System32\drivers\lltdio.sys.dump
[2014/03/22 17:32:46 | 000,209,016 | ---- | C] () -- C:\Windows\System32\drivers\keyscrambler.sys.dump
[2014/03/22 17:32:46 | 000,190,976 | ---- | C] () -- C:\Windows\System32\drivers\ks.sys.dump
[2014/03/22 17:32:46 | 000,046,656 | ---- | C] () -- C:\Windows\System32\drivers\isapnp.sys.dump
[2014/03/22 17:32:46 | 000,042,576 | ---- | C] () -- C:\Windows\System32\drivers\kbdclass.sys.dump
[2014/03/22 17:32:46 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\kbdhid.sys.dump
[2014/03/22 17:32:45 | 000,101,888 | ---- | C] () -- C:\Windows\System32\drivers\ipnat.sys.dump
[2014/03/22 17:32:45 | 000,096,768 | ---- | C] () -- C:\Windows\System32\drivers\irda.sys.dump
[2014/03/22 17:32:45 | 000,065,536 | ---- | C] () -- C:\Windows\System32\drivers\IPMIDrv.sys.dump
[2014/03/22 17:32:45 | 000,058,880 | ---- | C] () -- C:\Windows\System32\drivers\ipfltdrv.sys.dump
[2014/03/22 17:32:45 | 000,013,824 | ---- | C] () -- C:\Windows\System32\drivers\irenum.sys.dump
[2014/03/22 17:32:44 | 000,332,160 | ---- | C] () -- C:\Windows\System32\drivers\iaStorV.sys.dump
[2014/03/22 17:32:44 | 000,053,760 | ---- | C] () -- C:\Windows\System32\drivers\intelppm.sys.dump
[2014/03/22 17:32:44 | 000,041,040 | ---- | C] () -- C:\Windows\System32\drivers\iirsp.sys.dump
[2014/03/22 17:32:44 | 000,015,424 | ---- | C] () -- C:\Windows\System32\drivers\intelide.sys.dump
[2014/03/22 17:32:43 | 000,513,536 | ---- | C] () -- C:\Windows\System32\drivers\http.sys.dump
[2014/03/22 17:32:43 | 000,080,896 | ---- | C] () -- C:\Windows\System32\drivers\i8042prt.sys.dump
[2014/03/22 17:32:43 | 000,014,208 | ---- | C] () -- C:\Windows\System32\drivers\hwpolicy.sys.dump
[2014/03/22 17:32:42 | 000,067,152 | ---- | C] () -- C:\Windows\System32\drivers\HpSAMD.sys.dump
[2014/03/22 17:32:42 | 000,039,624 | ---- | C] () -- C:\Windows\System32\drivers\hssdrv6.sys.dump
[2014/03/22 17:32:42 | 000,025,728 | ---- | C] () -- C:\Windows\System32\drivers\hidparse.sys.dump
[2014/03/22 17:32:42 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\hidusb.sys.dump
[2014/03/22 17:32:41 | 000,304,128 | ---- | C] () -- C:\Windows\System32\drivers\HdAudio.sys.dump
[2014/03/22 17:32:41 | 000,091,136 | ---- | C] () -- C:\Windows\System32\drivers\hidbth.sys.dump
[2014/03/22 17:32:41 | 000,055,808 | ---- | C] () -- C:\Windows\System32\drivers\hidclass.sys.dump
[2014/03/22 17:32:41 | 000,037,888 | ---- | C] () -- C:\Windows\System32\drivers\hidir.sys.dump
[2014/03/22 17:32:41 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\hidbatt.sys.dump
[2014/03/22 17:32:40 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\ghsnmea.sys.dump
[2014/03/22 17:32:40 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\ghsmdm.sys.dump
[2014/03/22 17:32:40 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\hdaudbus.sys.dump
[2014/03/22 17:32:40 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\hcw85cir.sys.dump
[2014/03/22 17:32:39 | 000,187,752 | ---- | C] () -- C:\Windows\System32\drivers\FWPKCLNT.SYS.dump
[2014/03/22 17:32:39 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\ghsdiag.sys.dump
[2014/03/22 17:32:39 | 000,057,936 | ---- | C] () -- C:\Windows\System32\drivers\GAGP30KX.SYS.dump
[2014/03/22 17:32:39 | 000,032,408 | ---- | C] () -- C:\Windows\System32\drivers\ghsandroid.sys.dump
[2014/03/22 17:32:39 | 000,026,600 | ---- | C] () -- C:\Windows\System32\drivers\GEARAspiWDM.sys.dump
[2014/03/22 17:32:38 | 000,198,208 | ---- | C] () -- C:\Windows\System32\drivers\fltMgr.sys.dump
[2014/03/22 17:32:38 | 000,196,328 | ---- | C] () -- C:\Windows\System32\drivers\fvevol.sys.dump
[2014/03/22 17:32:38 | 000,046,160 | ---- | C] () -- C:\Windows\System32\drivers\fsdepends.sys.dump
[2014/03/22 17:32:38 | 000,019,824 | ---- | C] () -- C:\Windows\System32\drivers\fs_rec.sys.dump
[2014/03/22 17:32:37 | 000,058,448 | ---- | C] () -- C:\Windows\System32\drivers\fileinfo.sys.dump
[2014/03/22 17:32:37 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\filetrace.sys.dump
[2014/03/22 17:32:37 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\fdc.sys.dump
[2014/03/22 17:32:37 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\flpydisk.sys.dump
[2014/03/22 17:32:36 | 003,100,160 | ---- | C] () -- C:\Windows\System32\drivers\evbdx.sys.dump
[2014/03/22 17:32:36 | 000,148,480 | ---- | C] () -- C:\Windows\System32\drivers\fastfat.sys.dump
[2014/03/22 17:32:36 | 000,142,336 | ---- | C] () -- C:\Windows\System32\drivers\exfat.sys.dump
[2014/03/22 17:32:34 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\errdev.sys.dump
[2014/03/22 17:32:33 | 000,729,024 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys.dump
[2014/03/22 17:32:33 | 000,453,712 | ---- | C] () -- C:\Windows\System32\drivers\elxstor.sys.dump
[2014/03/22 17:32:33 | 000,218,984 | ---- | C] () -- C:\Windows\System32\drivers\dxgmms1.sys.dump
[2014/03/22 17:32:33 | 000,076,288 | ---- | C] () -- C:\Windows\System32\drivers\dxg.sys.dump
[2014/03/22 17:32:32 | 000,055,584 | ---- | C] () -- C:\Windows\System32\drivers\dumpfve.sys.dump
[2014/03/22 17:32:32 | 000,026,704 | ---- | C] () -- C:\Windows\System32\drivers\Dumpata.sys.dump
[2014/03/22 17:32:32 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\dxapi.sys.dump
[2014/03/22 17:32:32 | 000,005,120 | ---- | C] () -- C:\Windows\System32\drivers\drmkaud.sys.dump
[2014/03/22 17:32:31 | 000,131,072 | ---- | C] () -- C:\Windows\System32\drivers\Dot4.sys.dump
[2014/03/22 17:32:31 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\drmk.sys.dump
[2014/03/22 17:32:31 | 000,070,720 | ---- | C] () -- C:\Windows\System32\drivers\djsvs.sys.dump
[2014/03/22 17:32:31 | 000,036,864 | ---- | C] () -- C:\Windows\System32\drivers\Dot4usb.sys.dump
[2014/03/22 17:32:31 | 000,027,008 | ---- | C] () -- C:\Windows\System32\drivers\Diskdump.sys.dump
[2014/03/22 17:32:31 | 000,016,384 | ---- | C] () -- C:\Windows\System32\drivers\Dot4Prt.sys.dump
[2014/03/22 17:32:30 | 000,388,096 | ---- | C] () -- C:\Windows\System32\drivers\csc.sys.dump
[2014/03/22 17:32:30 | 000,078,336 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys.dump
[2014/03/22 17:32:30 | 000,057,424 | ---- | C] () -- C:\Windows\System32\drivers\disk.sys.dump
[2014/03/22 17:32:30 | 000,032,256 | ---- | C] () -- C:\Windows\System32\drivers\discache.sys.dump
[2014/03/22 17:32:29 | 000,369,848 | ---- | C] () -- C:\Windows\System32\drivers\cng.sys.dump
[2014/03/22 17:32:29 | 000,035,408 | ---- | C] () -- C:\Windows\System32\drivers\crashdmp.sys.dump
[2014/03/22 17:32:29 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\CompositeBus.sys.dump
[2014/03/22 17:32:29 | 000,022,096 | ---- | C] () -- C:\Windows\System32\drivers\crcdisk.sys.dump
[2014/03/22 17:32:29 | 000,019,024 | ---- | C] () -- C:\Windows\System32\drivers\compbatt.sys.dump
[2014/03/22 17:32:28 | 000,140,864 | ---- | C] () -- C:\Windows\System32\drivers\Classpnp.sys.dump
[2014/03/22 17:32:28 | 000,037,888 | ---- | C] () -- C:\Windows\System32\drivers\circlass.sys.dump
[2014/03/22 17:32:28 | 000,015,952 | ---- | C] () -- C:\Windows\System32\drivers\cmdide.sys.dump
[2014/03/22 17:32:28 | 000,014,080 | ---- | C] () -- C:\Windows\System32\drivers\CmBatt.sys.dump
[2014/03/22 17:32:27 | 000,430,080 | ---- | C] () -- C:\Windows\System32\drivers\bxvbdx.sys.dump
[2014/03/22 17:32:27 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys.dump
[2014/03/22 17:32:27 | 000,070,656 | ---- | C] () -- C:\Windows\System32\drivers\cdfs.sys.dump
[2014/03/22 17:32:26 | 000,393,728 | ---- | C] () -- C:\Windows\System32\drivers\bthport.sys.dump
[2014/03/22 17:32:26 | 000,093,696 | ---- | C] () -- C:\Windows\System32\drivers\bthpan.sys.dump
[2014/03/22 17:32:26 | 000,060,416 | ---- | C] () -- C:\Windows\System32\drivers\BTHUSB.SYS.dump
[2014/03/22 17:32:26 | 000,056,320 | ---- | C] () -- C:\Windows\System32\drivers\bthmodem.sys.dump
[2014/03/22 17:32:25 | 000,062,336 | ---- | C] () -- C:\Windows\System32\drivers\BrSerWdm.sys.dump
[2014/03/22 17:32:25 | 000,034,816 | ---- | C] () -- C:\Windows\System32\drivers\bthenum.sys.dump
[2014/03/22 17:32:25 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\BrUsbMdm.sys.dump
[2014/03/22 17:32:25 | 000,011,904 | ---- | C] () -- C:\Windows\System32\drivers\BrUsbSer.sys.dump
[2014/03/22 17:32:24 | 000,272,128 | ---- | C] () -- C:\Windows\System32\drivers\BrSerId.sys.dump
[2014/03/22 17:32:24 | 000,078,336 | ---- | C] () -- C:\Windows\System32\drivers\bridge.sys.dump
[2014/03/22 17:32:24 | 000,013,568 | ---- | C] () -- C:\Windows\System32\drivers\BrFiltLo.sys.dump
[2014/03/22 17:32:24 | 000,005,248 | ---- | C] () -- C:\Windows\System32\drivers\BrFiltUp.sys.dump
[2014/03/22 17:32:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\bowser.sys.dump
[2014/03/22 17:32:23 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\blbdrive.sys.dump
[2014/03/22 17:32:22 | 001,131,008 | ---- | C] () -- C:\Windows\System32\drivers\BCMWL6.SYS.dump
[2014/03/22 17:32:22 | 000,025,168 | ---- | C] () -- C:\Windows\System32\drivers\battc.sys.dump
[2014/03/22 17:32:22 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\beep.sys.dump
[2014/03/22 17:32:21 | 005,342,208 | ---- | C] () -- C:\Windows\System32\drivers\atipmdag.sys.dump
[2014/03/22 17:32:21 | 000,229,888 | ---- | C] () -- C:\Windows\System32\drivers\b57nd60x.sys.dump
[2014/03/22 17:32:21 | 000,056,816 | ---- | C] () -- C:\Windows\System32\drivers\avgntflt.sys.dump
[2014/03/22 17:32:20 | 000,221,696 | ---- | C] () -- C:\Windows\System32\drivers\atikmpag.sys.dump
[2014/03/22 17:32:19 | 006,380,544 | ---- | C] () -- C:\Windows\System32\drivers\atikmdag.sys.dump
[2014/03/22 17:32:19 | 000,077,312 | ---- | C] () -- C:\Windows\System32\drivers\AtihdW73.sys.dump
[2014/03/22 17:32:18 | 003,234,304 | ---- | C] () -- C:\Windows\System32\drivers\athr.sys.dump
[2014/03/22 17:32:17 | 000,133,056 | ---- | C] () -- C:\Windows\System32\drivers\ataport.sys.dump
[2014/03/22 17:32:17 | 000,021,584 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys.dump
[2014/03/22 17:32:16 | 000,086,608 | ---- | C] () -- C:\Windows\System32\drivers\arcsas.sys.dump
[2014/03/22 17:32:16 | 000,076,368 | ---- | C] () -- C:\Windows\System32\drivers\arc.sys.dump
[2014/03/22 17:32:16 | 000,050,176 | ---- | C] () -- C:\Windows\System32\drivers\appid.sys.dump
[2014/03/22 17:32:16 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\asyncmac.sys.dump
[2014/03/22 17:32:15 | 000,159,312 | ---- | C] () -- C:\Windows\System32\drivers\amdsbs.sys.dump
[2014/03/22 17:32:15 | 000,080,256 | ---- | C] () -- C:\Windows\System32\drivers\amdsata.sys.dump
[2014/03/22 17:32:15 | 000,052,736 | ---- | C] () -- C:\Windows\System32\drivers\amdppm.sys.dump
[2014/03/22 17:32:15 | 000,032,408 | ---- | C] () -- C:\Windows\System32\drivers\androidusb.sys.dump
[2014/03/22 17:32:15 | 000,022,400 | ---- | C] () -- C:\Windows\System32\drivers\amdxata.sys.dump
[2014/03/22 17:32:14 | 001,163,328 | ---- | C] () -- C:\Windows\System32\drivers\AGRSM.sys.dump
[2014/03/22 17:32:14 | 000,055,296 | ---- | C] () -- C:\Windows\System32\drivers\amdk8.sys.dump
[2014/03/22 17:32:14 | 000,053,312 | ---- | C] () -- C:\Windows\System32\drivers\AMDAGP.SYS.dump
[2014/03/22 17:32:14 | 000,014,912 | ---- | C] () -- C:\Windows\System32\drivers\amdide.sys.dump
[2014/03/22 17:32:14 | 000,014,400 | ---- | C] () -- C:\Windows\System32\drivers\aliide.sys.dump
[2014/03/22 17:32:13 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys.dump
[2014/03/22 17:32:13 | 000,053,312 | ---- | C] () -- C:\Windows\System32\drivers\AGP440.sys.dump
[2014/03/22 17:32:13 | 000,049,152 | ---- | C] () -- C:\Windows\System32\drivers\agilevpn.sys.dump
[2014/03/22 17:32:12 | 000,422,976 | ---- | C] () -- C:\Windows\System32\drivers\adp94xx.sys.dump
[2014/03/22 17:32:12 | 000,297,552 | ---- | C] () -- C:\Windows\System32\drivers\adpahci.sys.dump
[2014/03/22 17:32:12 | 000,146,512 | ---- | C] () -- C:\Windows\System32\drivers\adpu320.sys.dump
[2014/03/22 17:32:11 | 000,274,304 | ---- | C] () -- C:\Windows\System32\drivers\acpi.sys.dump
[2014/03/22 17:32:11 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\acpipmi.sys.dump
[2014/03/22 17:32:10 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.sys.dump
[2014/03/22 17:32:10 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\1394bus.sys.dump
[2013/12/15 16:58:37 | 000,012,072 | ---- | C] () -- C:\Windows\System32\drivers\MoborobAssDriver.sys
[2013/12/04 22:34:14 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2013/12/04 22:34:14 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2013/12/04 21:12:51 | 000,003,012 | ---- | C] () -- C:\Windows\System32\client.ini
[2013/11/30 22:27:45 | 000,023,088 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2013/11/30 21:52:11 | 000,362,748 | ---- | C] () -- C:\Users\User\AppData\Local\census.cache
[2013/11/30 21:51:46 | 000,174,615 | ---- | C] () -- C:\Users\User\AppData\Local\ars.cache
[2013/11/26 19:38:07 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2013/11/20 03:18:07 | 000,119,296 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2013/11/20 03:18:07 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2013/11/20 03:18:07 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll
[2013/11/10 15:09:41 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/09/18 12:46:53 | 000,192,352 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/09/18 12:46:52 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/08/22 14:45:22 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013/08/22 14:45:21 | 000,697,506 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013/08/22 14:45:21 | 000,149,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013/08/22 14:45:21 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013/08/21 23:29:16 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2013/08/18 22:52:21 | 000,000,115 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2013/08/18 22:52:21 | 000,000,005 | ---- | C] () -- C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
[2012/11/01 20:39:21 | 000,000,043 | ---- | C] () -- C:\Users\User\jagex_cl_runescape_LIVE.dat
[2012/11/01 20:39:21 | 000,000,024 | ---- | C] () -- C:\Users\User\random.dat
[2012/07/16 20:40:29 | 000,027,520 | ---- | C] () -- C:\Users\User\AppData\Local\dt.dat
[2010/12/16 18:20:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/12/16 03:44:17 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/12/16 03:44:17 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 83 bytes -> C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3:com.dropbox.attributes
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
 

Edited by janji, 14 February 2015 - 02:44 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
     
    Copy the text in the code box:
     
    DRIVES
    nnetsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
     
    Run OTL (Vista or Win 7 => right click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     
    You should get two logs.  Please copy and paste both of them.
     
    Ron

    • 0

    #3
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    ADWCleaner report:

     

    # AdwCleaner v4.110 - Logfile created 10/02/2015 at 13:47:34
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-09.1 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x86)
    # Username : User - USER-PC
    # Running from : C:\Users\User\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****

    Service Deleted : hshld
    [x] Not Deleted : YahooAUService

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\SecTaskMan
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\Windows\system32\SearchProtect
    Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected]
    Folder Deleted : C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Folder Deleted : C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\npnkeeiehehhefofiekoflfedgehcdhl
    File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\foxydeal.sqlite
    File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\invalidprefs.js
    File Deleted : C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\foxydeal.sqlite
    File Deleted : C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\invalidprefs.js
    File Deleted : C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\searchplugins\Conduit.xml
    File Deleted : C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rcdgk3lo.default\user.js
    File Deleted : C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
    File Deleted : C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
    File Deleted : C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
    File Deleted : C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal

    ***** [ Scheduled tasks ] *****

    Task Deleted : RunAsStdUser Task

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ohlfohjgijhjlpidbbnmcdooegafnnnm
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
    Key Deleted : HKCU\Software\Classes\pokki
    Key Deleted : HKCU\Software\Mozilla\Extends
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
    Key Deleted : HKCU\Software\anchorfree
    Key Deleted : HKCU\Software\Brothersoft
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKLM\SOFTWARE\Myfree Codec
    Key Deleted : HKLM\SOFTWARE\SupDp
    Key Deleted : HKLM\SOFTWARE\Trymedia Systems
    Key Deleted : HKLM\SOFTWARE\WinWSD ToolBar
    Key Deleted : HKLM\SOFTWARE\winzipersvc
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v35.0.1 (x86 en-GB)

    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "mystartsearch");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "mystartsearch");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/web/favicon.ico");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "mystartsearch");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "mystartsearch");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

    -\\ Pale Moon v24.6.1 (en-US)

    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.SearchCaption", "ZoneAlarm Security Customized Web Search");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.SearchEngineBeforeUnload", "ZoneAlarm Security Customized Web Search");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q=");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2645238");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2645238.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.2653012a129780834468347070000000paramsGK0", "{\"updateReqTime\":1333966535728,\"updateRespTime\":1333966536176,\"data\":{\"settings\":{\"icon\":\"hxxp://storage.conduit.com/12/265[...]
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.embeddedsData", "[{\"appId\":\"129199665576658841\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.installId", "ConduitNSISIntegration");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.installType", "ConduitXPEIntegration");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.isPerformedSmartBarTransition", "true");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fveohwebplayer.ourtoolbar.com%2Funinstall%2F%3Fversion%3D10.7.7.9%26platform%3Dfirefox\",\"EB[...]
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://VeohWebPlayer.OurToolbar.com//xpi\"}");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Veoh Web Player\"}");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.smartbar.CTID", "CT2653012");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.smartbar.Uninstall", "1");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.smartbar.homepage", true);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.smartbar.isHidden", false);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CT2653012.smartbar.toolbarName", "Veoh Web Player ");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "ZoneAlarm Security Customized Web Search");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2645238", "\"1283468208\"");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "wVmmvqqOMqrv5xct1cJIHg==");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "0uSPYx+Kl2jpu8sJZMeHjw==");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "Dclc8oo4TTv7+mAkSlUSWg==");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "K4Vqu91uAzWURlxJRdXJOg==");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:0\"");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2645238", "\"56fe0d15406c7b69464328b19c048ede\"");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\User\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\rcdgk3lo.default\\conduitCommon\\modules\\3.8.0.8");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2645238");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2645238");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2645238");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.globalUserId", "c6827e55-0126-44d8-9709-fbba7118d29e");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2645238");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Nov 09 2011 01:29:03 GMT+0100");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Nov 09 2011 01:28:57 GMT+0100");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userId", "fdf30a95-2623-4069-a688-e2eaa883d337");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://my.yahoo.com/?_bc=1");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB6&ctid=CT2653012&SearchSource=13");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Veoh Web Player Customized Web Search");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB6&ctid=CT2653012&SearchSource=2&q=");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm Security Customized Web Search");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.a652767772eef446f9bc05876cf8d55ad6d1a50c1909c46e4a8e2e2f97df7d86acom44047.44047.internaldb.Resources_meta.value", "%7B%22md5.js%22%3A%7B%22id%22%3A863458%2C%22ver%22%3A53%2C%22st[...]
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.a652767772eef446f9bc05876cf8d55ad6d1a50c1909c46e4a8e2e2f97df7d86acom44047.44047.internaldb.Resources_resource_863461.value", "%22%3C%21DOCTYPE%20html%3E%5Cn%3Chtml%3E%5Cn%3Chead%[...]
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.a652767772eef446f9bc05876cf8d55ad6d1a50c1909c46e4a8e2e2f97df7d86acom44047.44047.internaldb.Resources_resource_863462.value", "%22/*%5Cn%20*%20jQuery%20Cryptography%20Plug-in%5Cn%[...]
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "144757b7107ecfc739cb28bc6bb818c1");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=578034C1-335A-4F00-BCA4-B9ABDAA3B3F6&n=77fc6fe2&p2=^9N^xdm080^YY^de&si=CKPKtpL0lbYCFUaN3god5[...]
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.initialized", true);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.contextKey", "");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.installDate", "2013032418");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.partnerId", "^9N^xdm080^YY^de");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.partnerSubId", "CKPKtpL0lbYCFUaN3god51EA0Q");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.success", true);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.toolbarId", "578034C1-335A-4F00-BCA4-B9ABDAA3B3F6");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.lastActivePing", "1365083050661");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.defaultSearch", false);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.homePageEnabled", false);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.keywordEnabled", false);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.tabEnabled", false);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.weather.location", "10001");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extentions.y2layers.installId", "50e63569-0256-4bae-a06c-b5b5d5495a67");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("extentions.y2layers.lastDnsTest", 372043);
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB6&ctid=CT2653012&SearchSource=2&q=");
    [rcdgk3lo.default\prefs.js] - Line Deleted : user_pref("socialfixer.100000236308925/cache/bfb_donate_pagelet", "<div style=\"background-color:#ffffcc;border:1px solid #cccc99;padding:5px;-moz-border-radius:3px;-webkit-border-radius:3px;border-ra[...]

    -\\ Google Chrome v40.0.2214.111

    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={7E4969E0-8DC9-47C6-948E-2CF79C4B70D0}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=35a6caa9-48e6-4b5b-bdc2-22fc07770ca3&searchtype=ds&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=35a6caa9-48e6-4b5b-bdc2-22fc07770ca3&searchtype=ds&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9320423AS_5VH3ENV8&ts=1377200860&type=default&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB6&q={searchTerms}&SearchSource=3&ctid=CT2653012

    -\\ Comodo Dragon v

    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={7E4969E0-8DC9-47C6-948E-2CF79C4B70D0}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=35a6caa9-48e6-4b5b-bdc2-22fc07770ca3&searchtype=ds&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=35a6caa9-48e6-4b5b-bdc2-22fc07770ca3&searchtype=ds&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9320423AS_5VH3ENV8&ts=1377200860&type=default&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB6&q={searchTerms}&SearchSource=3&ctid=CT2653012

    -\\ Opera v27.0.1689.66

    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={7E4969E0-8DC9-47C6-948E-2CF79C4B70D0}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=35a6caa9-48e6-4b5b-bdc2-22fc07770ca3&searchtype=ds&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=35a6caa9-48e6-4b5b-bdc2-22fc07770ca3&searchtype=ds&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9320423AS_5VH3ENV8&ts=1377200860&type=default&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8&q={searchTerms}
    [C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB6&q={searchTerms}&SearchSource=3&ctid=CT2653012

    *************************

    AdwCleaner[R0].txt - [23147 bytes] - [10/02/2015 13:42:53]
    AdwCleaner[S0].txt - [28841 bytes] - [10/02/2015 13:47:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28901  bytes] ##########



     


    Edited by janji, 10 February 2015 - 06:57 AM.

    • 0

    #4
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    JRT scan:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Ultimate x86
    Ran by User on 10/02/2015 at 14:02:00.82
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update lucky leap
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\User\Local Settings\Application Data\cre"
    Successfully deleted: [Folder] "C:\Program Files\myfree codec"
    Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\prefs.js

    user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxp://www.tutorialspoint.com/javascript/index.htm\",\"title\":\"Javascript Tutorial\"},{\"url\":\"hxxp://www.rationalskept
    user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
    user_pref("browser.search.searchengine.ptid", "smt");
    user_pref("browser.search.searchengine.uid", "ST9320423AS_5VH3ENV8");
    user_pref("extensions.ntk.HISTORY", "[{\"title\":\"Twitter\",\"icon\":\"hxxp://g.etfv.co/hxxps://twitter.com/\",\"uri\":\"hxxps://twitter.com/\",\"accessCount\":1,\"time\":142
    user_pref("extensions.ntk.thumbsUrls", "hxxps://twitter.com/;hxxps://www.facebook.com/;hxxps://mail.google.com/;hxxps://www.youtube.com/;hxxp://www.geekstogo.com/forum/;hxxp:/
    Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\minidumps [176 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10/02/2015 at 14:05:51.64
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    • 0

    #5
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    FRSTAddition:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2015
    Ran by User at 2015-02-10 14:13:37
    Running from C:\Users\User\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7 Sticky Notes (HKLM\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
    AGEIA PhysX v2.6.0 (HKLM\...\{582876EC-A178-44D4-9823-C10D6C62EAFF}) (Version: 2.6.0.4 - AGEIA Technologies, Inc.)
    Akamai NetSession Interface (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
    Amazon Kindle (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Kindle) (Version:  - Amazon)
    Amazon Music (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
    AMD Catalyst Install Manager (HKLM\...\{121A3F18-E386-B7EF-CEEB-32864884E594}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft WebCam Companion 3 (HKLM\...\{7B937101-FD85-4CA9-9176-ADA6492314AF}) (Version: 3.0.0.117 - ArcSoft)
    avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
    AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.2741 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    ccc-core-static (Version: 2010.0617.855.14122 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
    Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Deep Space Nine  The Fallen (HKLM\...\{783E0AD7-C128-4398-9F74-99D3EFF2875D}) (Version:  - )
    Desktop Icon Position Saver (64-bit) (HKLM\...\dips64) (Version:  - )
    DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
    Dropbox (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
    Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
    FastStone Image Viewer 5.3 (HKLM\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
    File Type Advisor 1.3 (HKLM\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
    Five Nights at Freddy's DEMO (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Five Nights at Freddy's DEMO) (Version:  - )
    Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
    Free YouTube to MP3 Converter Studio 8.2 (HKLM\...\Free YouTube to MP3 Converter Studio_is1) (Version:  - ManiacTools.com)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    Happy Cloud Client (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\HappyCloud) (Version: 3.72 - Happy Cloud, Inc.)
    Hotspot Shield 3.42 (HKLM\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
    HP Support Solutions Framework (HKLM\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
    iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
    K-Lite Mega Codec Pack 5.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    ManyCam 3.0.91 (remove only) (HKLM\...\ManyCam) (Version: 3.0.91 - ManyCam LLC)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    MostFun.com Games - Super Granny 4 (remove only) (HKLM\...\MostFun.com Games - Super Granny 4) (Version: 3.4.16.27 - )
    Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MyFreeCodec (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\MyFreeCodec) (Version:  - )
    MyPaint 1.0.0 (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\MyPaint) (Version: 1.0.0 - Martin Renold & MyPaint Development Team)
    Nero 8 Essentials (HKLM\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
    Notepad++ (HKLM\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
    Opera Stable 22.0.1471.50 (HKU\.DEFAULT\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
    Opera Stable 23.0.1522.60 (HKLM\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
    Opera Stable 27.0.1689.66 (HKLM\...\Opera 27.0.1689.66) (Version: 27.0.1689.66 - Opera Software ASA)
    paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
    Pale Moon 24.6.1 (x86 en-US) (HKLM\...\Pale Moon 24.6.1 (x86 en-US)) (Version: 24.6.1 - Moonchild Productions)
    PhotoScape (HKLM\...\PhotoScape) (Version:  - )
    PixBuilder Studio 2.2.0 (HKLM\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version:  - WnSoft)
    Qualcomm Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    QuickTime Alternative 2.9.2 (HKLM\...\QuicktimeAlt_is1) (Version: 2.9.2 - )
    Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
    RoboForm 7-9-11-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
    Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
    Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
    Screen Highlighter 1.0 (HKLM\...\Screen Highlighter_is1) (Version:  - Harmony Hollow Software)
    Screencast-O-Matic (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
    Secunia PSI (3.0.0.9015) (HKLM\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
    Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.8 - IObit)
    SolidPDFCreator (HKLM\...\{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}) (Version: 7.1.879.0 - SolidDocuments)
    SPEEDLINK Strike 2 Gamepad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
    Spotify (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    Stay On Top (HKLM\...\{5C6C0192-BA75-4932-8931-B2FF88346E49}) (Version: 1.0.0 - J. Eric Vaughan)
    Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
    Super Granny 4 (Version: 3.4.16.27 - Sandlot) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1012 - SUPERAntiSpyware.com)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    Unity Web Player (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
    VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
    VS10RuntimeWin32 (Version: 1.0.0 - immunet) Hidden
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
    ZTE Handset USB Driver 5.2066.1.8B02 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.8B02 - ZTE Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

    ==================== Restore Points  =========================

    08-02-2015 19:00:08 Windows Backup
    09-02-2015 02:18:18 Installed HP Support Solutions Framework
    10-02-2015 13:36:14 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:04 - 2014-01-31 13:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02345B74-772A-44F8-A563-F33F7F68A837} - System32\Tasks\{FBC71A6A-8D24-4264-8D8B-660359524319} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {041FCAE9-E352-431F-AD25-C26D4623EB5F} - System32\Tasks\{1F529A44-4E7F-4EEB-9387-B009EA33FE4D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
    Task: {04E861FD-AE2D-4536-972A-9CBC5D1A46B5} - System32\Tasks\{2D4D8F4B-6DBF-4385-BF15-55BDF20671E3} => D:\Setup.exe [2000-10-05] (InstallShield Software Corporation)
    Task: {07F84AF2-E58C-4301-8826-B096055D02D9} - System32\Tasks\{B89786A5-2A46-4517-B0E7-508247CF0832} => pcalua.exe -a C:\Users\User\Downloads\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Downloads
    Task: {0DCD5759-D02C-4EB7-BC32-41D7D06D35EA} - System32\Tasks\{C0CCC3A8-5FC2-4086-A869-3E21F7C524E9} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {1C8D0C93-7DAB-4682-8789-8366FB00127C} - System32\Tasks\{A0E4CF2F-63B1-4231-85A6-214419F70C0E} => pcalua.exe -a C:\Users\User\Desktop\StayOnTopSetup\setup.exe -d C:\Users\User\Desktop\StayOnTopSetup
    Task: {1CB5B6C4-90E4-45C9-9496-17458C2181AD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {1ECD887F-0104-4DD7-A710-9C5395C6A951} - System32\Tasks\{4EEFC9EF-F5CB-4779-ACE9-E6E142F3A2A7} => pcalua.exe -a C:\Users\User\Downloads\StickMen2.exe -d C:\Users\User\Downloads
    Task: {1FFB5CAB-D0C8-4971-A6C6-52243A608C52} - System32\Tasks\{B0A60467-7396-4B3F-9092-61133D6E365D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
    Task: {29A3B4DA-2552-4B1B-AC98-0DAA160CD171} - System32\Tasks\{E06706D7-83A8-4D3F-A875-DC73898C373C} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {342242AF-68DC-48E8-BAD2-FCF35B2790C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {377645D7-BADA-4E0E-AD5B-C7D00FEE7171} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {3A6520B3-0426-44D3-B409-796B928DAB32} - System32\Tasks\{EF9E28E4-BEED-4229-8760-020756DA18C3} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    Task: {4025D84B-DA4C-44AE-923E-7CC6A0CD655E} - System32\Tasks\{93F49872-654E-438E-9457-172EA0309781} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    Task: {447799E1-DB8F-4DAE-80B8-A9EC0F829F5B} - System32\Tasks\{14E304B4-6289-4E60-9E9F-7CAEA78D6EEF} => pcalua.exe -a "C:\Users\User\Downloads\framxprozip\Install FreeRAM XP Pro 1.52.exe" -d C:\Users\User\Downloads\framxprozip
    Task: {45530A69-1F35-4D06-B41F-94B1594EDF7E} - System32\Tasks\{9A8EB359-4F7E-4308-9493-BB15F09E0C58} => C:\Program Files\MostFun\HeroesofHellas\game.exe
    Task: {45EF2C7E-71D1-4ED0-A13A-1BF2A768DBCB} - System32\Tasks\{DC4EA453-4ECE-4831-96CD-7EE3A2282ADC} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {4AF5B2D6-BCA4-42DD-AE6E-B02B2716B405} - System32\Tasks\{6B61C2C6-83AC-410A-8D14-9DC18276731C} => pcalua.exe -a "C:\Program Files\IObit\Advanced SystemCare 4\temp\vcredist.exe" -d "C:\Program Files\IObit\Advanced SystemCare 4" -c /quiet /norestart
    Task: {5279F69B-9D40-4913-9505-511F29BFC7A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {528AC02D-D334-4AB8-BD2B-78F8F839DA58} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2013-08-19] (File Type Advisor)
    Task: {6435EE6F-CDC5-4CD0-A969-A9BB3C9BE48F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {67349CB0-9F9D-4F4D-AC84-0B4FBDCE1198} - System32\Tasks\{7B007186-814F-435A-A7CD-69CD63A1639D} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {6B075062-6B5A-4E41-A30C-F0042246B8F0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
    Task: {6B0E942B-0495-4EF7-AEDD-9569A16DA9FB} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
    Task: {6CC9CD40-24B3-437D-A95F-AA42A7ED2179} - System32\Tasks\{4F269D7E-F484-4872-B125-69A22B1D578E} => D:\dx7ager.exe [2000-12-04] (Microsoft Corporation)
    Task: {74458643-781C-4690-A8D0-792BAAAB7F6F} - System32\Tasks\FileAdvisorCheck => C:\Program Files\File Type Advisor\file-type-advisor.exe [2013-08-19] (filetypeadvisor.com                                         )
    Task: {7EB660CE-8E8C-4552-9102-38BF0F931FB6} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    Task: {7FE76F22-AFA4-4FA4-8DAC-DF486E0A0A7C} - System32\Tasks\{8D186181-64A7-4DE8-BF9E-56CE8C036859} => pcalua.exe -a C:\Users\User\Downloads\MostFun-TriJinx.exe -d C:\Users\User\Downloads
    Task: {84C33C9B-2486-4F46-A898-F1A14640A101} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {8684D3B5-3133-4FC4-9DA0-BDD6DC8C6D65} - System32\Tasks\{6B96F45F-3BA0-4757-B275-DF5FD615EF3E} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
    Task: {86908A13-EF76-44A2-9128-6CB4E28B1C03} - System32\Tasks\{D8D22849-AEE6-403E-8BF2-E57B7BAECE7E} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
    Task: {8B1D7F29-DEAE-4408-B06A-D4E32ED49061} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {8D439F5F-3404-43D0-946A-B5E3B04868E8} - System32\Tasks\{D5600665-28E8-4C8B-8689-40461E7213A5} => pcalua.exe -a C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe -d C:\Users\User\Desktop\Desktop_Icons
    Task: {8EB924C6-7440-4431-B478-7347952D07C2} - System32\Tasks\{A4285F0B-0CAB-49D5-AE51-D915A239085A} => pcalua.exe -a C:\Users\User\Downloads\MostFun-AliceGreenfingers.exe -d "C:\Program Files\Mozilla Firefox"
    Task: {8ED4C510-AC55-4E81-BAFE-7E14E3057FC3} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {93DA04AE-DC95-41E6-88E1-CC5D550726C6} - System32\Tasks\{963698A4-DBC2-4787-B04A-F72E38679091} => D:\Setup.exe [2000-10-05] (InstallShield Software Corporation)
    Task: {9532703A-89D8-44B9-A93F-57991BCF286E} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
    Task: {9CA3ADEB-1C25-4519-BBCA-2A2562FA1216} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {9E49D608-F3BB-45C4-9E13-96A265C87178} - System32\Tasks\{20E7AAFF-D1D3-44EE-9C61-EC536F1301A4} => pcalua.exe -a C:\Users\User\Downloads\Shockwave_Installer_Slim(2).exe -d "C:\Program Files\Mozilla Firefox"
    Task: {A0EF1356-998E-4904-81C0-8B04180F6F8C} - System32\Tasks\{37CBC58E-1076-4FF5-B7E8-70E8F2C90ACF} => pcalua.exe -a D:\dx7ager.exe -d D:\
    Task: {A0FFA0F9-D5C1-43EB-B9EC-E86857BBCBF8} - System32\Tasks\{F23DC048-0487-44E4-B4BA-8AB1816562FF} => D:\dx7ager.exe [2000-12-04] (Microsoft Corporation)
    Task: {A8069E3F-77A5-4732-BD5F-ABE150C2BD9D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
    Task: {A846F772-2615-4772-9EFC-EEAAFF0E705B} - System32\Tasks\{7609A13F-987A-42CF-ACD7-2B486192D64D} => Chrome.exe http://ui.skype.com/...eligiblebrowser
    Task: {B30EFF16-BF79-4529-B48E-CDD4CEE47AF6} - System32\Tasks\{49BD601D-4EF8-4212-A8CB-721025105856} => C:\Program Files\MostFun\HeroesofHellas\game.exe
    Task: {BB56D7FE-84FE-4430-9291-DE31702A45EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
    Task: {C236B0BA-C3DE-438D-BA39-848CF163193A} - System32\Tasks\Opera scheduled Autoupdate 1392134183 => C:\Program Files\Opera\launcher.exe [2015-02-02] (Opera Software)
    Task: {C2F37DB4-70B3-4512-A59C-D87535D45802} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {C39DC1AB-CEF4-4CA6-8759-5AD31AD313A0} - System32\Tasks\{44697339-8CD4-4D87-AC9E-B1FB6795CEBB} => pcalua.exe -a C:\Users\User\Desktop\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Desktop
    Task: {D2DC7330-6327-44D8-BC2F-7EB0D2699C25} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    Task: {D642B505-8B33-4423-808B-6FC0A013B9DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {D66CDB5C-EE69-418D-9BCE-AA81BA27D69F} - System32\Tasks\{3C9EE13C-A6BE-44EA-90B1-CDB1D5FE6C83} => D:\dx7ager.exe [2000-12-04] (Microsoft Corporation)
    Task: {D8BF779F-02BC-43F1-AFBC-B2FEF2E06E36} - System32\Tasks\Real Player online update program => C:\Program Files\Real\RealPlayer\update\realsched.exe
    Task: {D9A2CB5D-65DA-4E56-92CC-7EA4A64D5E81} - System32\Tasks\{0547064D-DEF4-4974-9118-363654A9FDA8} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {DCE555C0-C6A0-45C3-BAE9-7B8FAA34A6E5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {E1737EB2-A2E7-44F7-AB6D-D8713A98973C} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-21] (Siber Systems)
    Task: {E6131A85-C447-4BC1-BE9C-FAC5157B9457} - System32\Tasks\{64C5F840-75C7-476C-85CE-6FAC09218037} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
    Task: {EA576C5D-754E-45F2-BFAF-EFC358395475} - System32\Tasks\{97A61C17-B5EE-4468-AEF4-97888E1CCB8F} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {EA96CC01-11E3-44A1-B5A6-9112ABA2652C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
    Task: {EDC6164A-1E23-4EDB-A508-1AD325B14F84} - System32\Tasks\{4448998A-9201-4534-B754-A54F4161D074} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {F691F962-614B-4E3E-9D4E-A9309806F902} - System32\Tasks\{0CFBB036-AB2E-4437-820E-C84B27A05FC1} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {F7238D14-03C3-4409-894F-EB4AB00D19DC} - System32\Tasks\{708C0D35-1D80-41A6-9694-791D05EF6EC4} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
    Task: {F75141E0-2799-41D1-B0E0-66B9E160BE81} - System32\Tasks\{5DF228DD-88D3-4B83-9E2A-E0C4819A0295} => pcalua.exe -a C:\Users\User\Desktop\dips64-setup.exe -d C:\Users\User\Desktop
    Task: {F8F96CEA-F891-46FA-8E7D-890713D1D97A} - System32\Tasks\{20D88817-FDC1-42D6-982E-15A872542E55} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
    Task: {FAC084F0-4C38-409D-80A1-37C4956E9370} - System32\Tasks\{BFD45D47-291B-4732-B969-BBA93DA76939} => C:\AeriaGames\EdenEternal\aeria_launcher.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-08-01 14:08 - 2014-08-01 14:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2015-02-10 13:30 - 2015-02-10 13:30 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15021000\algo.dll
    2011-11-21 19:59 - 2011-10-03 19:59 - 00027976 _____ () C:\Windows\System32\solidlocalmon.dll
    2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-05-16 23:34 - 2014-05-16 23:34 - 00430344 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
    2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
    2014-08-01 14:08 - 2014-08-01 14:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-10 13:52 - 2015-02-10 13:52 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt9h_v1.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2010-06-10 16:42 - 2010-06-10 16:42 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2015-02-09 21:05 - 2015-02-09 21:05 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2014-05-12 10:49 - 2014-05-12 10:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
    2015-02-06 22:33 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation
    AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation
    AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    AlternateDataStreams: C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3:com.dropbox.attributes
    AlternateDataStreams: C:\Users\User\Downloads\poppy pic.jpg:com.dropbox.attributes

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4165335087-975643669-458432890-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk => C:\Windows\pss\OfficeSAS.lnk.CommonStartup
    MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
    MSCONFIG\startupreg: Amazon Music => "C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe"
    MSCONFIG\startupreg: APSDaemon => c:\program files\common files\apple\apple application support\apsdaemon.exe
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: BCSSync => "c:\program files\microsoft office\office14\bcssync.exe" /delayservices
    MSCONFIG\startupreg: DivXMediaServer => c:\program files\divx\divx media server\divxmediaserver.exe
    MSCONFIG\startupreg: DivXUpdate => "c:\program files\divx\divx update\divxupdate.exe" /checknow
    MSCONFIG\startupreg: FreeRAM XP => "c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe" -win
    MSCONFIG\startupreg: GameXN GO => "c:\programdata\gamexn\gamexngo.exe" /startup
    MSCONFIG\startupreg: KiesPreload => c:\program files\samsung\kies\kies.exe /preload
    MSCONFIG\startupreg: KiesTrayAgent => c:\program files\samsung\kies\kiestrayagent.exe
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    MSCONFIG\startupreg: QuickTime Task => "c:\program files\quicktime alternative\qttask.exe" -atboottime
    MSCONFIG\startupreg: Screen Highlighter => C:\Program Files\Screen Highlighter\shl.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-4165335087-975643669-458432890-500 - Administrator - Disabled)
    Guest (S-1-5-21-4165335087-975643669-458432890-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4165335087-975643669-458432890-1002 - Limited - Enabled)
    User (S-1-5-21-4165335087-975643669-458432890-1000 - Administrator - Enabled) => C:\Users\User

    ==================== Faulty Device Manager Devices =============

    Name: adfs
    Description: adfs
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: adfs
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD Athlon™ II P320 Dual-Core Processor
    Percentage of memory in use: 53%
    Total physical RAM: 3578.9 MB
    Available physical RAM: 1673.63 MB
    Total Pagefile: 7156.09 MB
    Available Pagefile: 5060.47 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1879.86 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:224.73 GB) (Free:124.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DS9 The Fallen) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS
    Drive g: () (Fixed) (Total:73.36 GB) (Free:58.15 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4C3F8CFC)
    Partition 1: (Active) - (Size=224.7 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=73.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    • 0

    #6
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    FRST report:


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
    Ran by User (administrator) on USER-PC on 10-02-2015 14:12:21
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available profiles: User)
    Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    () C:\Program Files\Hotspot Shield\bin\hsswd.exe
    (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    (Secunia) C:\Program Files\Secunia\PSI\psia.exe
    (Solid Documents, LLC) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Secunia) C:\Program Files\Secunia\PSI\sua.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
    (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
    (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
    (J. Eric Vaughan) C:\Program Files\Stay On Top\StayOnTop.exe
    (Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
    HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
    HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
    HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [RtkOSD] => C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe [907264 2010-02-05] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-21] (Siber Systems)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stay On Top.lnk
    ShortcutTarget: Stay On Top.lnk -> C:\Windows\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    BootExecute: autocheck autochk * bootdelete
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    Handler: linkscanner - No CLSID Value -
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default
    FF Homepage: https://my.yahoo.com/
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\searchplugins\google-images.xml
    FF Extension: Add to Amazon Wish List Button - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Clear Recent History... + - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-04]
    FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
    FF Extension: Double-click To Reload Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: FireRainbow - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Password Hasher - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-10-12]
    FF Extension: Remove Cookies for Site - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-08-05]
    FF Extension: Lightshot (screenshot tool) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-12-04]
    FF Extension: AddThis - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-01-13]
    FF Extension: New Tab King - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-10-15]
    FF Extension: AmazonOnClick - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-29]
    FF Extension: Duplicate This Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
    FF Extension: Gmail panel - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-23]
    FF Extension: AOL One Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-26]
    FF Extension: Dictionary Extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-04]
    FF Extension: Open in Private Browsing Mode - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-01-31]
    FF Extension: Google™ Translator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-13]
    FF Extension: LanguageToolFx - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Mail Preview - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-06]
    FF Extension: Personas Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: RSS Icon in url bar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-03]
    FF Extension: Simple White - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Simple Timer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Tabbed View Source - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Facebook Phishing Protector - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-10-09]
    FF Extension: abcTajpu - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi [2014-08-05]
    FF Extension: ProxTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-09-08]
    FF Extension: Bluhell Firewall - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-06]
    FF Extension: Google  Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2015-01-10]
    FF Extension: MeasureIt - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-12-25]
    FF Extension: Google Reverse Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2015-01-10]
    FF Extension: Reload Tab On Double-Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}.xpi [2014-08-05]
    FF Extension: Easy Youtube Video Downloader Express - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-08-05]
    FF Extension: QuickNote - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2015-02-03]
    FF Extension: Search By Image (by Google) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2014-10-15]
    FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-16]
    FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2015-01-27]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-25]
    FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-25]
    FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-03-11]
    FF HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    FF HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hppp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
    CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
    CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
    CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
    CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll No File
    CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
    CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-04]
    CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-04]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-04]
    CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-04]
    CHR Extension: (Lightshot (screenshot tool)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-12-11]
    CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-04]
    CHR Extension: (RoboForm) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-14]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
    CHR HKLM\...\Chrome\Extension: [ibnmbpihhamedhophbnjjpidokcknoid] - No Path
    CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-11]
    CHR HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Chrome\Extension: [ekekpckhcfhhaagbmdeimlipagihocje] - C:\Users\User\AppData\Local\CRE\ekekpckhcfhhaagbmdeimlipagihocje.crx [Not Found]

    Opera:
    =======
    OPR StartupUrls: "https://my.yahoo.com...s=X2CddkC8XgE&"
    OPR Extension: (Facebook and Youtube Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbnaecmeebnefmbepifgdkllmgcnikmh [2014-09-21]
    OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmbpnlkamenjkedgaedpjfdmjpldcjpj [2014-11-03]
    OPR Extension: (MediaPlus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnoagnjlblajeghmbaejnfhekofbecd [2014-11-14]
    OPR Extension: (Youtube to mp3 converter) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\geioidjhliialbjcekeejcodiahfplgb [2014-02-14]
    OPR Extension: (Facebook, Youtube or any web site Unblocker) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcgpiijgdhilioddgebgegabcjgfgccj [2014-11-03]
    OPR Extension: (Web Developer) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kddhmaadmaklcieonhggddempagbakph [2014-05-11]
    OPR Extension: (Download Chrome Extension) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2014-02-13]
    OPR Extension: (SiteNotes) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\leeaiockmjkojafakgpocdekmjnnpcpg [2014-02-13]
    OPR Extension: (TVP.PL Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\lpbhfckilgccpclafjiapbcelgpfmjfa [2014-11-14]
    OPR Extension: (Download YouTube Videos as MP4) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\maeombkgfpjdnjkhohbjachnnmpbipol [2014-03-19]
    OPR Extension: (Amazon for Opera) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2015-02-05]
    OPR Extension: (User CSS) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mncnlbhenhkojjdpjpbajnmmcdnlbkmp [2014-03-05]
    OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\noigcpeehjnfkmkfgklkjlojbapbdcpg [2014-12-21]
    OPR Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-02-13]
    OPR Extension: (RoboForm) - C:\Program Files\Siber Systems\AI RoboForm\Opera [2014-03-11]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-22] (SUPERAntiSpyware.com)
    R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-07] (ArcSoft Inc.)
    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2000-01-01] (LSI Corporation)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
    R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
    R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
    S2 SetupARService; C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-07-26] (Realtek Semiconductor.) [File not signed]
    R2 SPDFCreatorReadSpool; C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [180552 2011-10-03] (Solid Documents, LLC)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
    S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5340160 2010-06-17] (ATI Technologies Inc.)
    S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-12-04] () [File not signed]
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
    R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3234304 2013-08-25] (Qualcomm Atheros Communications, Inc.)
    S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-22] (Avanquest Software) [File not signed]
    R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
    R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
    R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC)
    R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-07-20] (ManyCam LLC)
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-10] ()
    S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
    R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
    R2 windrvNT; C:\Windows\system32\windrvNT.sys [35363 2010-07-27] () [File not signed]
    S2 adfs; No ImagePath
    S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
    S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
    S3 pmem; \??\C:\Users\User\AppData\Local\Temp\_MEI20402\drivers\winpmem32.sys [X]
    S3 RimUsb; System32\Drivers\RimUsb.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
    S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
    S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-10 14:12 - 2015-02-10 14:13 - 00036684 _____ () C:\Users\User\Desktop\FRST.txt
    2015-02-10 14:12 - 2015-02-10 14:12 - 00000000 ____D () C:\FRST
    2015-02-10 14:11 - 2015-02-10 14:11 - 01124352 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
    2015-02-10 14:05 - 2015-02-10 14:05 - 00002330 _____ () C:\Users\User\Desktop\JRT.txt
    2015-02-10 13:59 - 2015-02-10 13:59 - 01388274 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
    2015-02-10 13:38 - 2015-02-10 13:38 - 02112512 _____ () C:\Users\User\Desktop\AdwCleaner.exe
    2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
    2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
    2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\ProgramData\ATI
    2015-02-09 21:06 - 2015-02-09 21:06 - 00006222 _____ () C:\Windows\DPINST.LOG
    2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\DIFX
    2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\AMD
    2015-02-09 21:06 - 2009-12-22 02:26 - 00030392 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
    2015-02-09 21:05 - 2015-02-09 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    2015-02-09 12:17 - 2015-02-09 12:17 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
    2015-02-09 12:02 - 2015-02-09 20:53 - 00000052 _____ () C:\Windows\system32\DOErrors.log
    2015-02-09 11:52 - 2010-02-05 09:50 - 03013344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
    2015-02-09 11:52 - 2010-02-05 09:50 - 02622496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 01640992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
    2015-02-09 11:52 - 2010-02-05 09:50 - 00371232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00357576 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00168648 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00145760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00096160 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00062664 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00057376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00000712 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
    2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hp
    2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hewlett-Packard
    2015-02-09 00:13 - 2015-02-09 00:13 - 08998130 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rains A-Gonna Fall Official - YouTube.mp4
    2015-02-09 00:11 - 2015-02-09 00:11 - 11780600 _____ () C:\Users\User\Desktop\Dana Fredsti.mp4
    2015-02-07 15:04 - 2015-02-07 15:05 - 08749661 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rain's A-Gonna Fall [Official].mp4
    2015-02-06 22:33 - 2015-02-06 22:33 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-06 22:33 - 2015-02-06 22:33 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-06 22:27 - 2015-02-06 22:28 - 39690816 _____ () C:\Users\User\Desktop\Firefox Setup 35.0.1.exe
    2015-02-06 22:01 - 2015-02-06 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-05 01:40 - 2015-02-05 01:40 - 15795631 _____ () C:\Users\User\Desktop\Hollywood Undead - Outside (Official Lyric Video).mp4
    2015-02-05 01:31 - 2015-02-05 01:32 - 20690486 _____ () C:\Users\User\Desktop\Jes Ebrahim - Keamanan (Promo MV).mp4
    2015-02-03 17:14 - 2015-02-03 17:16 - 3869692740 _____ () C:\Users\User\Documents\User-PcMediaIDbin.zip
    2015-02-02 13:19 - 2015-02-02 13:19 - 182002016 _____ (Igor Pavlov) C:\Users\User\Downloads\nero7PremiumReloaded.exe
    2015-02-02 01:08 - 2015-02-02 01:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\MMFApplications
    2015-02-02 00:57 - 2015-02-02 00:57 - 00001095 _____ () C:\Users\User\Desktop\Five Nights at Freddy's DEMO.lnk
    2015-02-02 00:57 - 2015-02-02 00:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Five Nights at Freddy's DEMO
    2015-02-02 00:56 - 2015-02-02 00:57 - 00000000 ____D () C:\Program Files\Five Nights at Freddy's DEMO
    2015-01-27 15:31 - 2015-02-06 22:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-27 01:57 - 2015-01-27 01:57 - 00001069 _____ () C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk
    2015-01-25 17:11 - 2015-01-25 17:11 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-01-18 21:32 - 2015-02-03 18:55 - 00000000 ____D () C:\Users\User\Desktop\CafePress
    2015-01-18 16:50 - 2015-01-18 16:50 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
    2015-01-18 16:50 - 2015-01-18 16:50 - 00001136 _____ () C:\Users\Public\Desktop\paint.net.lnk
    2015-01-18 16:49 - 2015-01-18 16:51 - 00000000 ____D () C:\Users\User\AppData\Local\paint.net
    2015-01-18 16:49 - 2015-01-18 16:50 - 00000000 ____D () C:\Program Files\paint.net
    2015-01-18 15:32 - 2015-01-18 15:32 - 00003045 _____ () C:\Users\User\AppData\Local\recently-used.xbel
    2015-01-18 15:04 - 2015-01-18 15:04 - 00000000 ____D () C:\Users\User\Documents\Imagina
    2015-01-18 15:01 - 2015-01-18 15:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\Planet Imagina
    2015-01-18 14:33 - 2015-01-18 14:33 - 00001007 _____ () C:\Users\User\Desktop\GIMP 2.lnk
    2015-01-18 14:32 - 2015-01-18 14:32 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
    2015-01-18 14:29 - 2015-01-18 14:32 - 00000000 ____D () C:\Program Files\GIMP 2
    2015-01-17 19:57 - 2015-01-17 19:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\FastStone
    2015-01-17 19:56 - 2015-01-17 19:56 - 00001023 _____ () C:\Users\Public\Desktop\FastStone Image Viewer.lnk
    2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
    2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 ____D () C:\Program Files\FastStone Image Viewer
    2015-01-14 11:09 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-01-14 11:09 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 11:08 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 11:08 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 11:08 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 11:08 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 00:54 - 2015-01-13 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-01-12 14:50 - 2015-02-08 20:46 - 00000000 ___RD () C:\Users\User\Desktop\scrapBYE
    2015-01-12 14:11 - 2015-01-12 14:50 - 00000000 ____D () C:\Users\User\Documents\MyPaint
    2015-01-11 03:42 - 2015-01-02 23:58 - 00000508 _____ () C:\Users\User\Documents\Backup-codes-janjimoni google account.txt

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-10 14:12 - 2009-10-24 19:57 - 01169556 _____ () C:\Windows\WindowsUpdate.log
    2015-02-10 14:01 - 2009-10-24 22:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
    2015-02-10 13:57 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-10 13:57 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-10 13:52 - 2013-05-20 19:46 - 00000000 ___RD () C:\Users\User\Dropbox
    2015-02-10 13:52 - 2013-05-20 19:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
    2015-02-10 13:50 - 2013-11-10 15:09 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
    2015-02-10 13:50 - 2013-11-10 15:09 - 00000384 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
    2015-02-10 13:50 - 2011-02-20 16:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-10 13:49 - 2014-08-19 23:25 - 00016782 _____ () C:\Windows\setupact.log
    2015-02-10 13:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-10 13:48 - 2013-09-13 20:10 - 00000000 ____D () C:\AdwCleaner
    2015-02-10 13:43 - 2011-02-20 16:17 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-10 13:36 - 2009-10-24 22:53 - 00384248 _____ () C:\Windows\system32\prfh0804.dat
    2015-02-10 13:36 - 2009-10-24 22:53 - 00119918 _____ () C:\Windows\system32\prfc0804.dat
    2015-02-10 13:36 - 2009-10-24 20:05 - 02115974 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-10 00:20 - 2012-07-14 23:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-09 21:28 - 2013-12-15 19:30 - 10288128 ___SH () C:\Users\User\Desktop\Thumbs.db
    2015-02-09 21:05 - 2013-12-18 20:36 - 00000000 ____D () C:\Program Files\ATI Technologies
    2015-02-09 20:46 - 2014-12-17 17:51 - 00000000 ___RD () C:\Users\User\Desktop\BYE
    2015-02-09 19:52 - 2013-09-14 11:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileAdvisor
    2015-02-09 19:52 - 2013-09-13 18:48 - 00000000 ____D () C:\Program Files\File Type Advisor
    2015-02-09 11:58 - 2014-03-23 00:31 - 00000000 ___RD () C:\Users\User\Desktop\Security
    2015-02-09 11:53 - 2013-11-10 15:49 - 00000000 ____D () C:\Windows\system32\RTCOM
    2015-02-09 11:53 - 2013-11-10 15:48 - 00000000 ___HD () C:\Program Files\Temp
    2015-02-09 11:52 - 2009-10-24 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2015-02-09 11:06 - 2009-07-14 05:33 - 02527296 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-09 04:08 - 2014-07-16 08:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-09 04:02 - 2012-11-23 16:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-09 03:50 - 2012-05-17 17:50 - 00110824 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-02-08 20:44 - 2013-09-07 20:45 - 00086016 ____H () C:\Users\User\Desktop\photothumb.db
    2015-02-07 14:31 - 2014-08-19 23:25 - 00037100 _____ () C:\Windows\PFRO.log
    2015-02-05 22:43 - 2013-07-01 14:04 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-05 20:20 - 2012-07-14 23:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-05 20:20 - 2012-07-14 23:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-02-03 16:45 - 2013-09-05 13:10 - 00000000 ___RD () C:\Users\User\Desktop\friends;me
    2015-02-03 16:42 - 2012-09-03 20:19 - 00000000 ___RD () C:\Users\User\Desktop\pics
    2015-02-03 16:36 - 2013-07-05 20:19 - 00000000 ____D () C:\Program Files\Opera
    2015-01-30 20:10 - 2012-09-03 20:17 - 00000000 ___RD () C:\Users\User\Desktop\family pics and recordings
    2015-01-30 10:15 - 2014-03-09 00:18 - 00000000 ___RD () C:\Users\User\Desktop\new pics
    2015-01-29 12:44 - 2009-10-24 20:42 - 00000000 ____D () C:\ProgramData\Temp
    2015-01-27 17:56 - 2014-09-23 14:59 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
    2015-01-27 16:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\TAPI
    2015-01-27 15:28 - 2012-10-31 21:46 - 00204800 ___SH () C:\Users\User\Documents\Thumbs.db
    2015-01-27 15:19 - 2013-09-23 18:53 - 00000000 ____D () C:\Program Files\SpywareBlaster
    2015-01-27 03:58 - 2014-05-19 12:10 - 00000000 ___RD () C:\Users\User\Desktop\Moi
    2015-01-27 01:57 - 2013-09-13 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
    2015-01-27 01:57 - 2013-09-13 18:48 - 00000000 ____D () C:\Program Files\Free M4a to MP3 Converter
    2015-01-26 20:48 - 2013-09-10 12:45 - 00001413 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-26 15:18 - 2014-05-24 16:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\AdvertismentImages
    2015-01-25 17:10 - 2014-10-16 16:52 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-01-25 17:10 - 2014-10-16 16:52 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-01-25 17:10 - 2014-10-16 16:52 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-01-25 17:10 - 2014-10-16 16:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-01-25 17:10 - 2014-04-19 11:16 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-25 17:10 - 2011-08-18 20:32 - 00000000 ____D () C:\Program Files\Java
    2015-01-18 23:16 - 2011-12-09 15:12 - 00000000 ____D () C:\output
    2015-01-18 19:52 - 2013-09-13 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
    2015-01-18 17:34 - 2011-02-09 17:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\PhotoScape
    2015-01-18 16:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-01-18 16:47 - 2012-05-06 20:10 - 00000000 ____D () C:\Users\User\Documents\Einstein in 1952 wrote that the word “God” is nothing _ Who Has This Imagination_files
    2015-01-18 16:06 - 2014-07-05 11:13 - 00000000 ____D () C:\Users\User\.gimp-2.8
    2015-01-18 14:24 - 2014-06-21 09:51 - 00000000 ___RD () C:\Users\User\Desktop\Stalks
    2015-01-15 02:39 - 2013-08-22 14:07 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 02:27 - 2011-11-21 17:38 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-14 01:53 - 2014-11-03 20:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
    2015-01-13 00:55 - 2009-10-24 20:48 - 00000000 ____D () C:\Program Files\QuickTime Alternative
    2015-01-13 00:20 - 2011-11-19 03:08 - 00000000 ____D () C:\Users\User\Documents\extensions
    2015-01-11 14:44 - 2014-11-28 00:11 - 00000000 ____D () C:\Program Files\FreeAlarmClock
    2015-01-11 03:47 - 2014-12-06 20:29 - 00000000 ___RD () C:\Users\User\Desktop\myGov

    ==================== Files in the root of some directories =======

    2013-08-18 22:52 - 2013-09-30 11:14 - 0000115 _____ () C:\Users\User\AppData\Roaming\WB.CFG
    2013-08-18 22:52 - 2013-09-30 11:14 - 0000005 _____ () C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
    2013-11-30 21:51 - 2014-05-11 15:41 - 0174615 _____ () C:\Users\User\AppData\Local\ars.cache
    2013-11-30 21:52 - 2014-05-11 15:42 - 0362748 _____ () C:\Users\User\AppData\Local\census.cache
    2012-07-16 20:40 - 2012-07-16 20:40 - 0027520 _____ () C:\Users\User\AppData\Local\dt.dat
    2013-11-26 19:38 - 2013-11-26 19:38 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
    2015-01-18 15:32 - 2015-01-18 15:32 - 0003045 _____ () C:\Users\User\AppData\Local\recently-used.xbel
    2010-12-16 18:20 - 2010-12-16 18:20 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

    Files to move or delete:
    ====================
    C:\Users\User\jagex_cl_runescape_LIVE.dat
    C:\Users\User\random.dat


    Some content of TEMP:
    ====================
    C:\Users\User\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt9h_v1.dll
    C:\Users\User\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\User\AppData\Local\temp\jre-8u31-windows-au.exe
    C:\Users\User\AppData\Local\temp\Quarantine.exe
    C:\Users\User\AppData\Local\temp\RSPUpgradeInstaller.exe
    C:\Users\User\AppData\Local\temp\SkypeSetup.exe
    C:\Users\User\AppData\Local\temp\smt_mystartsearch.exe
    C:\Users\User\AppData\Local\temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-04 18:37

    ==================== End Of Log ============================


    • 0

    #7
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    OTL txt:

    OTL logfile created on: 10/02/2015 14:21:00 - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
     Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17501)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
     
    3.50 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 45.23% Memory free
    6.99 Gb Paging File | 4.89 Gb Available in Paging File | 69.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 224.73 Gb Total Space | 124.45 Gb Free Space | 55.38% Space Free | Partition Type: NTFS
    Drive D: | 628.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 73.36 Gb Total Space | 58.15 Gb Free Space | 79.27% Space Free | Partition Type: NTFS
     
    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2015/02/09 12:17:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    PRC - [2015/02/08 13:37:42 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    PRC - [2015/01/23 11:37:02 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2014/12/21 11:21:24 | 000,110,160 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2014/12/18 17:13:16 | 001,676,344 | ---- | M] (Spotify Ltd) -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2014/12/11 11:36:04 | 000,089,864 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
    PRC - [2014/12/09 04:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2014/10/29 23:25:46 | 004,673,432 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
    PRC - [2014/10/29 17:18:30 | 004,826,904 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
    PRC - [2014/10/26 15:52:28 | 000,508,744 | ---- | M] (QFX Software Corporation) -- C:\Program Files\KeyScrambler\KeyScrambler.exe
    PRC - [2014/08/22 17:54:49 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2014/08/01 14:11:23 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/08/01 14:08:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/05/16 23:34:14 | 000,430,344 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2014/04/09 14:13:04 | 000,279,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    PRC - [2014/01/10 06:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2013/11/04 13:42:10 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2013/11/04 13:42:08 | 000,660,184 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2013/11/04 13:42:08 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2013/09/24 12:49:26 | 029,395,264 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe
    PRC - [2013/01/11 06:31:55 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/10/03 19:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
    PRC - [2011/06/05 19:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/06/17 08:59:52 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2010/06/17 08:59:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2010/02/05 09:50:20 | 000,907,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
    PRC - [2010/02/05 09:50:20 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    PRC - [2009/02/07 01:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2005/08/23 20:00:48 | 000,430,080 | ---- | M] (J. Eric Vaughan) -- C:\Program Files\Stay On Top\StayOnTop.exe
    PRC - [2000/01/01 01:00:00 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2015/02/10 13:52:06 | 000,043,008 | ---- | M] () -- c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt9h_v1.dll
    MOD - [2015/02/09 21:05:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3820.14122__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2015/02/09 21:05:57 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3820.14234__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
    MOD - [2015/02/09 21:05:57 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3820.14201__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2015/02/09 21:05:57 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3820.14107__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:57 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3820.14128__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2015/02/09 21:05:57 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3820.14182__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:57 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3820.14161__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:57 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3820.14151__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3820.14117__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3820.14116__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:56 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3820.14202__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:56 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3820.14234__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:55 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3820.14167__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:55 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3820.14200__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:55 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3820.14167__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2015/02/09 21:05:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3820.14166__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3820.14200__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:54 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3820.14154__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:54 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3820.14175__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2015/02/09 21:05:54 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3820.14129__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:54 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3820.14153__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:54 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3820.14158__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:53 | 001,298,432 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3820.14230__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:53 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3820.14129__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:53 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3820.14152__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:53 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3820.14148__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:53 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3820.14160__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:53 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3820.14133__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
    MOD - [2015/02/09 21:05:53 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2015/02/09 21:05:53 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3820.14151__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:53 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3820.14152__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3820.14158__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3820.14132__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:53 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3820.14160__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2015/02/09 21:05:52 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3820.14101__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2015/02/09 21:05:52 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2015/02/09 21:05:52 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3820.14097__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2015/02/09 21:05:52 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3820.14101__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2015/02/09 21:05:52 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3820.14200__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2015/02/09 21:05:52 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3820.14207__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
    MOD - [2015/02/09 21:05:52 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3820.14106__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2015/02/09 21:05:52 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3820.14102__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2015/02/09 21:05:51 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3820.14096__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2015/02/09 21:05:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2015/02/09 21:05:51 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3820.14095__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2015/02/09 21:05:51 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3820.14195__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2015/02/09 21:05:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3820.14098__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2015/02/09 21:05:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2015/02/09 21:05:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2015/02/09 21:05:51 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3820.14097__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2015/02/09 21:05:51 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3820.14105__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2015/02/09 21:05:51 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3820.14100__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2015/02/09 21:05:50 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3820.14098__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2015/02/09 21:05:50 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3820.14097__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2015/02/09 21:05:50 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3820.14100__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2015/02/09 21:05:49 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3820.14099__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:49 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3820.14166__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3820.14201__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3820.14176__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3820.14122__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2015/02/09 21:05:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3820.14115__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2015/02/09 21:05:49 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3820.14202__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:48 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3820.14144__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3820.14116__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:48 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3820.14158__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3820.14106__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:47 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3820.14181__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:47 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3820.14126__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:47 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3820.14151__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:47 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3820.14116__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3820.14161__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3820.14116__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3820.14125__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2015/02/09 21:05:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3820.14097__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2015/02/09 21:05:46 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3820.14228__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
    MOD - [2015/02/09 21:05:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3820.14208__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2015/02/09 21:05:46 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3820.14102__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2015/02/09 21:05:45 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3820.14190__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2015/02/09 21:05:45 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3820.14122__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2015/02/09 21:05:45 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3820.14196__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2015/02/09 21:05:45 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3820.14194__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2015/02/09 21:05:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3820.14104__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2015/02/09 21:05:45 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3820.14105__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2015/02/09 21:05:45 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3820.14101__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2015/02/09 21:05:45 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3820.14100__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2015/02/09 21:05:45 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3820.14098__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2015/02/09 21:05:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3820.14099__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2015/02/09 21:05:45 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3820.14121__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2015/02/09 21:05:45 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3820.14104__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
    MOD - [2015/02/09 21:05:45 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3820.14102__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2015/02/09 21:05:44 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3820.14110__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2015/02/09 21:05:43 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3820.14112__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2015/02/09 21:05:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3820.14103__90ba9c70f846762e\APM.Server.dll
    MOD - [2015/02/09 21:05:43 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3820.14102__90ba9c70f846762e\AEM.Server.dll
    MOD - [2015/02/09 21:05:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3820.14110__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2015/02/09 21:05:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2015/02/09 21:05:43 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3820.14195__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2015/02/09 21:05:43 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3820.14127__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2015/01/23 11:37:32 | 003,925,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2014/11/13 15:16:07 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll
    MOD - [2014/10/22 01:22:50 | 000,750,080 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    MOD - [2014/10/22 01:22:50 | 000,047,616 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
    MOD - [2014/10/22 01:22:48 | 000,863,744 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    MOD - [2014/10/22 01:22:46 | 000,200,704 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    MOD - [2014/10/16 02:13:24 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
    MOD - [2014/10/16 02:10:34 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
    MOD - [2014/10/16 02:09:20 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
    MOD - [2014/10/16 02:09:12 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
    MOD - [2014/10/16 02:09:05 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
    MOD - [2014/10/16 02:08:33 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
    MOD - [2014/09/11 01:20:39 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
    MOD - [2014/08/01 14:08:53 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/08/01 14:08:48 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
    MOD - [2014/05/12 10:49:04 | 000,260,608 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_06.dll
    MOD - [2014/01/10 06:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2014/01/10 06:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/06/10 16:42:46 | 000,016,384 | R--- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe -- (ArcService)
    SRV - [2015/02/05 20:20:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2015/01/23 11:37:25 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2014/12/11 11:36:04 | 000,089,864 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
    SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2014/11/22 02:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2014/08/22 17:54:49 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2014/08/01 14:08:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/07/26 16:40:55 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
    SRV - [2014/05/17 01:44:24 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
    SRV - [2014/05/16 23:34:14 | 000,430,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2014/04/09 14:12:50 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
    SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2013/11/04 13:42:10 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2013/11/04 13:42:08 | 000,660,184 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2013/07/12 23:34:05 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/11/24 21:49:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/10/03 19:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SPDFCreatorReadSpool)
    SRV - [2010/06/17 08:59:28 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/03/16 05:12:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/05 09:50:20 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/02/07 01:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2000/01/01 01:00:00 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva409.sys -- (XDva409)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva405.sys -- (XDva405)
    DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\_MEI20402\drivers\winpmem32.sys -- (pmem)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
    DRV - [2015/02/10 13:50:28 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2014/11/22 01:40:32 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
    DRV - [2014/08/01 14:11:17 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
    DRV - [2014/08/01 14:08:57 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/08/01 14:08:57 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2014/08/01 14:08:57 | 000,071,944 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
    DRV - [2014/08/01 14:08:57 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/08/01 14:08:57 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/08/01 14:08:57 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
    DRV - [2014/05/17 03:33:08 | 000,039,624 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
    DRV - [2014/05/17 01:41:54 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
    DRV - [2013/12/04 22:34:14 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
    DRV - [2013/11/04 13:42:02 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
    DRV - [2013/10/28 01:12:12 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2013/10/02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2013/08/25 21:17:26 | 003,234,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2013/05/31 15:53:18 | 000,209,016 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
    DRV - [2013/05/22 17:49:34 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2013/04/03 08:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2012/10/23 23:39:46 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2012/07/20 11:12:36 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
    DRV - [2012/07/20 11:11:58 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
    DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/03/07 10:20:08 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
    DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2010/07/27 14:27:41 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)
    DRV - [2010/06/22 03:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2010/06/17 09:07:00 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2010/06/17 09:07:00 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
    DRV - [2010/06/17 08:10:22 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/05/06 05:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/12/22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2009/08/23 17:55:32 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
    DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2000/01/01 01:00:00 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2000/01/01 01:00:00 | 000,197,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.highlightCount: 0
    FF - prefs.js..browser.search.isUS: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://my.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
    FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
    FF - prefs.js..extensions.enabledAddons: doubleclick2reloadtab%40linhph.com:1.0.1
    FF - prefs.js..extensions.enabledAddons: firerainbow%40hildebrand.cz:1.5
    FF - prefs.js..extensions.enabledAddons: %7B06997db0-c027-4d5f-bd37-b0d9230226ea%7D:0.63
    FF - prefs.js..extensions.enabledAddons: %7Baede9b05-c23c-479b-a90e-9146ed62d377%7D:1.2.1
    FF - prefs.js..extensions.enabledAddons: duplicate-this-tab%40mozilla.org:1.3
    FF - prefs.js..extensions.enabledAddons: passhash%40mozilla.wijjo.com:1.1.7
    FF - prefs.js..extensions.enabledAddons: clearrecenthistory%40example.net:1.1.20
    FF - prefs.js..extensions.enabledAddons: %7B15a7ef52-8a77-426e-9e17-e21af257d7c8%7D:1.8.5
    FF - prefs.js..extensions.enabledAddons: amazononclick%40martin.schreiber:1.2
    FF - prefs.js..extensions.enabledAddons: gmail_panel%40alejandrobrizuela.com.ar:1.1.1
    FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.14
    FF - prefs.js..extensions.enabledAddons: %7B73007fef-a6e0-47d3-b4e7-dfc116ed6f65%7D:1.15
    FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.6.5
    FF - prefs.js..extensions.enabledAddons: simpletimer%40grbradt.org:2.0.3
    FF - prefs.js..extensions.enabledAddons: %7BC0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9%7D:0.7.5
    FF - prefs.js..extensions.enabledAddons: %7BFC5BAC7D-D696-4ba6-B913-CF8F000C33DF%7D:6.0.5
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
    FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.5.9
    FF - prefs.js..extensions.enabledItems: {7F23E3F4-F72E-4f4f-8761-854C8942708F}:1.2.6
    FF - prefs.js..extensions.enabledItems: [email protected]:9.0.2006.53
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.172
    FF - prefs.js..extensions.enabledItems: [email protected]:0.3
    FF - prefs.js..extensions.enabledItems: [email protected]:3.0.4
    FF - prefs.js..network.proxy.type: 4
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/UCPlugin:  File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@siber.com/RoboForm: C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/06/29 10:02:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/06/29 10:02:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/08 08:32:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014/12/21 11:22:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/01/27 15:31:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.6.1\extensions\\Components: C:\Program Files\Pale Moon\components [2015/01/13 00:55:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.6.1\extensions\\Plugins: C:\Program Files\Pale Moon\plugins [2015/01/13 00:55:13 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 11:36:14 | 000,010,691 | ---- | M] ()
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014/12/21 11:22:03 | 000,000,000 | ---D | M]
     
    [2014/07/21 14:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
    [2014/07/21 14:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
    [2014/08/05 16:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extension-data
    [2014/08/05 16:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extension-data\[email protected]
    [2015/02/09 00:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions
    [2014/08/05 14:56:28 | 000,000,000 | ---D | M] (Remove Cookies for Site) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}
    [2014/12/04 21:58:01 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
    [2015/01/13 20:40:53 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
    [2014/10/15 15:44:27 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
    [2014/08/05 14:29:19 | 000,000,000 | ---D | M] (Add to Amazon Wish List Button) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/11/04 11:17:22 | 000,000,000 | ---D | M] (Clear Recent History... +) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
    [2015/02/06 11:43:33 | 000,000,000 | ---D | M] (Blur (Formerly DoNotTrackMe)) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\don[email protected]
    [2014/08/05 14:56:28 | 000,000,000 | ---D | M] (Double-click To Reload Tab) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/08/05 14:56:28 | 000,000,000 | ---D | M] (FireRainbow) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/10/12 20:41:28 | 000,000,000 | ---D | M] ("Password Hasher") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/04/08 15:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack\[email protected]
    [2014/04/08 15:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack\[email protected]\simple-storage
    [2014/12/06 14:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack\[email protected]
    [2014/12/06 14:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack\[email protected]\simple-storage
    [2014/11/29 23:19:07 | 000,010,102 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/08/05 18:03:30 | 000,169,469 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2015/02/05 22:45:43 | 002,558,942 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2015/02/06 11:53:45 | 001,443,602 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/12/23 19:30:54 | 000,033,116 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/11/26 18:57:22 | 000,516,357 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2015/02/04 16:08:26 | 000,328,123 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2015/01/31 14:26:56 | 000,185,312 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/12/13 22:47:50 | 000,096,404 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/08/05 16:19:40 | 000,144,716 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/12/06 14:02:43 | 000,447,686 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/08/05 16:19:40 | 000,348,260 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2015/02/03 23:31:21 | 000,002,736 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2015/01/07 17:51:11 | 001,183,704 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2015/01/26 23:09:26 | 000,206,833 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2014/08/05 16:19:40 | 000,012,030 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
    [2015/02/06 11:58:43 | 000,086,000 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi
    [2014/11/25 22:58:48 | 000,268,530 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi
    [2014/10/08 12:06:48 | 000,105,141 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi
    [2015/02/06 12:00:12 | 000,050,602 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
    [2015/01/10 19:23:25 | 000,013,127 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi
    [2014/12/25 17:54:00 | 000,030,813 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
    [2015/01/22 21:19:33 | 000,027,016 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi
    [2014/08/05 18:03:30 | 000,002,245 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}.xpi
    [2014/11/13 20:37:04 | 000,129,475 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi
    [2015/02/03 17:27:24 | 000,224,629 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi
    [2014/10/15 17:45:29 | 000,073,612 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
    [2015/01/15 17:53:10 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2015/01/10 19:47:15 | 000,004,929 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\searchplugins\google-images.xml
    [2013/06/14 21:21:43 | 000,000,910 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\searchplugins\yahoo.xml
    [2015/02/06 22:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2015/02/06 22:33:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2015/01/27 15:31:32 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files\Mozilla Firefox\browser\extensions\[email protected]
     
    ========== Chrome  ==========
     
    CHR - default_search_provider:  ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
    CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
    CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
    CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
    CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\6.0.12_0\
    CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.12.2_0\
     
    O1 HOSTS File: ([2014/01/31 13:01:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RtkOSD] C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
    O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Users\User\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
    O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5794603A-7296-4361-A208-8D2B25CE0365}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{922811CB-89F2-4B4F-B615-FB20EB03AB4A}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2013/12/18 18:37:08 | 000,000,897 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
    O32 - AutoRun File - [2000/11/02 14:44:46 | 000,000,040 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (bootdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    NetSvcs: FastUserSwitchingCompatibility -  File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla -  File not found
    NetSvcs: Ntmssvc -  File not found
    NetSvcs: NWCWorkstation -  File not found
    NetSvcs: Nwsapagent -  File not found
    NetSvcs: SRService -  File not found
    NetSvcs: WmdmPmSp -  File not found
    NetSvcs: LogonHours -  File not found
    NetSvcs: PCAudit -  File not found
    NetSvcs: helpsvc -  File not found
    NetSvcs: uploadmgr -  File not found
     
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk -  - File not found
    MsConfig - StartUpReg: Aeria Ignite - hkey= - key= -  File not found
    MsConfig - StartUpReg: Amazon Music - hkey= - key= - C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
    MsConfig - StartUpReg: APSDaemon - hkey= - key= - c:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    MsConfig - StartUpReg: BCSSync - hkey= - key= - c:\program files\microsoft office\office14\bcssync.exe (Microsoft Corporation)
    MsConfig - StartUpReg: DivXMediaServer - hkey= - key= - c:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
    MsConfig - StartUpReg: DivXUpdate - hkey= - key= - c:\program files\divx\divx update\divxupdate.exe ()
    MsConfig - StartUpReg: FreeRAM XP - hkey= - key= - c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe (YourWare Solutions ™)
    MsConfig - StartUpReg: GameXN GO - hkey= - key= -  File not found
    MsConfig - StartUpReg: KiesPreload - hkey= - key= - c:\program files\samsung\kies\kies.exe (Samsung)
    MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - c:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - c:\program files\quicktime alternative\qttask.exe (Apple Inc.)
    MsConfig - StartUpReg: Screen Highlighter - hkey= - key= - C:\Program Files\Screen Highlighter\shl.exe (Harmony Hollow Software)
    MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    MsConfig - StartUpReg: Spotify - hkey= - key= - C:\Users\User\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    MsConfig - State: "startup" - 2
     
    SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: MCODS - Reg Error: Value error.
    SafeBootMin: NTDS -  File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: MCODS - Reg Error: Value error.
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS -  File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {1D4F7DD2-F439-DB6D-BE43-064BEF63CD8C} - Microsoft Windows Media Player
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {3E34A746-DC10-DD13-6F10-B6D42DEF3D42} - Themes Setup
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4903D172-DCCB-392F-93A3-34CA9D47FE3D} - .NET Framework
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {81CA3CAD-E9FC-E1BA-2A70-89F70A6A9202} - Microsoft Windows Media Player 12.0
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {A1C5F60A-7886-41ED-047D-BF88FFD997E0} - Microsoft Windows Media Player 12.0
    ActiveX: {A59B76D1-5E3B-4893-BB7F-AF69B2570A73} - .NET Framework
    ActiveX: {C433B10D-1FEB-1AD4-F989-9238254BB80D} - Internet Explorer
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
     
    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lame - C:\Windows\System32\lame.ax ()
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
    Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
     
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2015/02/10 14:12:17 | 000,000,000 | ---D | C] -- C:\FRST
    [2015/02/10 14:11:08 | 001,124,352 | ---- | C] (Farbar) -- C:\Users\User\Desktop\FRST.exe
    [2015/02/10 13:59:36 | 001,388,274 | ---- | C] (Thisisu) -- C:\Users\User\Desktop\JRT.exe
    [2015/02/09 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ATI
    [2015/02/09 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ATI
    [2015/02/09 21:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2015/02/09 21:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2015/02/09 21:06:10 | 000,030,392 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\usbfilter.sys
    [2015/02/09 21:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
    [2015/02/09 21:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2015/02/09 12:17:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2015/02/09 11:52:43 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
    [2015/02/09 11:52:43 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
    [2015/02/09 11:52:42 | 001,640,992 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
    [2015/02/09 11:52:42 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
    [2015/02/09 11:52:42 | 000,057,376 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
    [2015/02/09 11:52:41 | 002,622,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
    [2015/02/09 11:52:41 | 000,371,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
    [2015/02/09 11:52:41 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
    [2015/02/09 11:52:41 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
    [2015/02/09 11:52:41 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
    [2015/02/09 11:52:41 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
    [2015/02/09 11:52:41 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
    [2015/02/09 11:52:41 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
    [2015/02/09 11:52:39 | 000,145,760 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
    [2015/02/09 11:52:39 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
    [2015/02/09 02:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2015/02/09 02:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Hp
    [2015/02/06 22:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2015/02/02 01:08:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\MMFApplications
    [2015/02/02 00:57:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Five Nights at Freddy's DEMO
    [2015/02/02 00:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Five Nights at Freddy's DEMO
    [2015/01/27 15:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2015/01/25 17:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2015/01/23 20:42:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2015/01/18 21:32:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\CafePress
    [2015/01/18 16:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\paint.net
    [2015/01/18 16:49:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\paint.net
    [2015/01/18 15:04:40 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Imagina
    [2015/01/18 15:01:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Planet Imagina
    [2015/01/18 14:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
    [2015/01/17 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FastStone
    [2015/01/17 19:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
    [2015/01/17 19:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Image Viewer
    [2015/01/14 11:09:05 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2015/01/14 11:09:04 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2015/01/14 11:08:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
    [2015/01/13 00:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2015/01/12 14:50:48 | 000,000,000 | R--D | C] -- C:\Users\User\Desktop\scrapBYE
    [2015/01/12 14:11:48 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MyPaint
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2015/02/10 14:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2015/02/10 14:11:13 | 001,124,352 | ---- | M] (Farbar) -- C:\Users\User\Desktop\FRST.exe
    [2015/02/10 13:59:41 | 001,388,274 | ---- | M] (Thisisu) -- C:\Users\User\Desktop\JRT.exe
    [2015/02/10 13:57:34 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2015/02/10 13:57:34 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2015/02/10 13:50:51 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
    [2015/02/10 13:50:28 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
    [2015/02/10 13:50:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2015/02/10 13:49:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2015/02/10 13:49:42 | 2814,558,208 | -HS- | M] () -- C:\hiberfil.sys
    [2015/02/10 13:43:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2015/02/10 13:38:42 | 002,112,512 | ---- | M] () -- C:\Users\User\Desktop\AdwCleaner.exe
    [2015/02/10 13:36:11 | 000,697,506 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2015/02/10 13:36:11 | 000,662,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2015/02/10 13:36:11 | 000,384,248 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
    [2015/02/10 13:36:11 | 000,149,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2015/02/10 13:36:11 | 000,122,470 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2015/02/10 13:36:11 | 000,119,918 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
    [2015/02/09 12:17:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2015/02/09 11:06:57 | 002,527,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2015/02/09 04:08:07 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2015/02/09 00:13:51 | 008,998,130 | ---- | M] () -- C:\Users\User\Desktop\Bryan Ferry - A Hard Rains A-Gonna Fall Official - YouTube.mp4
    [2015/02/09 00:11:30 | 011,780,600 | ---- | M] () -- C:\Users\User\Desktop\Dana Fredsti.mp4
    [2015/02/08 21:28:35 | 003,049,957 | ---- | M] () -- C:\Users\User\Desktop\2015-02-07 19.05.52.jpg
    [2015/02/08 21:26:26 | 000,640,244 | ---- | M] () -- C:\Users\User\Desktop\2015-02-07 19.00.30.jpg
    [2015/02/08 20:44:47 | 000,086,016 | -H-- | M] () -- C:\Users\User\Desktop\photothumb.db
    [2015/02/08 18:33:06 | 002,728,696 | ---- | M] () -- C:\Users\User\Desktop\2015-02-08 01.10.01.jpg
    [2015/02/08 18:31:17 | 003,952,133 | ---- | M] () -- C:\Users\User\Desktop\2015-02-08 01.08.42.jpg
    [2015/02/07 15:05:01 | 008,749,661 | ---- | M] () -- C:\Users\User\Desktop\Bryan Ferry - A Hard Rain's A-Gonna Fall [Official].mp4
    [2015/02/06 22:33:26 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2015/02/06 22:28:01 | 039,690,816 | ---- | M] () -- C:\Users\User\Desktop\Firefox Setup 35.0.1.exe
    [2015/02/05 22:43:47 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2015/02/05 20:20:11 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2015/02/05 20:20:11 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2015/02/05 01:40:59 | 015,795,631 | ---- | M] () -- C:\Users\User\Desktop\Hollywood Undead - Outside (Official Lyric Video).mp4
    [2015/02/05 01:32:35 | 020,690,486 | ---- | M] () -- C:\Users\User\Desktop\Jes Ebrahim - Keamanan (Promo MV).mp4
    [2015/02/04 22:16:16 | 000,245,131 | ---- | M] () -- C:\Users\User\Desktop\Aldrin_Apollo_11_cropped.jpg
    [2015/02/03 17:16:41 | 3869,692,740 | ---- | M] () -- C:\Users\User\Documents\User-PcMediaIDbin.zip
    [2015/02/02 00:57:26 | 000,001,095 | ---- | M] () -- C:\Users\User\Desktop\Five Nights at Freddy's DEMO.lnk
    [2015/01/28 23:19:31 | 000,303,498 | ---- | M] () -- C:\Users\User\Desktop\14860158820_a7d3ab7cd9_z.jpg
    [2015/01/27 01:58:33 | 004,001,425 | ---- | M] () -- C:\Users\User\Desktop\Cintamu Mekar Di Hati - MAY _ HQ   Lirik.mp3
    [2015/01/27 01:57:44 | 000,001,069 | ---- | M] () -- C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk
    [2015/01/26 20:48:40 | 000,002,225 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2015/01/26 20:48:40 | 000,001,134 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2015/01/25 17:10:59 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2015/01/25 17:10:50 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2015/01/25 17:10:50 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2015/01/25 17:10:49 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2015/01/19 21:19:27 | 009,498,677 | ---- | M] () -- C:\Users\User\Desktop\14426030064_955dc6e406_o.jpg
    [2015/01/18 16:50:29 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\paint.net.lnk
    [2015/01/18 15:32:39 | 000,003,045 | ---- | M] () -- C:\Users\User\AppData\Local\recently-used.xbel
    [2015/01/18 14:33:53 | 000,001,007 | ---- | M] () -- C:\Users\User\Desktop\GIMP 2.lnk
    [2015/01/17 19:56:01 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
    [2015/01/14 02:00:47 | 003,473,795 | ---- | M] () -- C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2015/02/10 13:38:34 | 002,112,512 | ---- | C] () -- C:\Users\User\Desktop\AdwCleaner.exe
    [2015/02/09 11:52:48 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2015/02/09 00:13:50 | 008,998,130 | ---- | C] () -- C:\Users\User\Desktop\Bryan Ferry - A Hard Rains A-Gonna Fall Official - YouTube.mp4
    [2015/02/09 00:11:28 | 011,780,600 | ---- | C] () -- C:\Users\User\Desktop\Dana Fredsti.mp4
    [2015/02/08 18:27:52 | 000,640,244 | ---- | C] () -- C:\Users\User\Desktop\2015-02-07 19.00.30.jpg
    [2015/02/08 18:27:39 | 002,728,696 | ---- | C] () -- C:\Users\User\Desktop\2015-02-08 01.10.01.jpg
    [2015/02/08 18:27:19 | 003,952,133 | ---- | C] () -- C:\Users\User\Desktop\2015-02-08 01.08.42.jpg
    [2015/02/08 13:32:28 | 003,049,957 | ---- | C] () -- C:\Users\User\Desktop\2015-02-07 19.05.52.jpg
    [2015/02/07 15:04:55 | 008,749,661 | ---- | C] () -- C:\Users\User\Desktop\Bryan Ferry - A Hard Rain's A-Gonna Fall [Official].mp4
    [2015/02/06 22:33:26 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2015/02/06 22:33:26 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2015/02/06 22:27:46 | 039,690,816 | ---- | C] () -- C:\Users\User\Desktop\Firefox Setup 35.0.1.exe
    [2015/02/05 01:40:47 | 015,795,631 | ---- | C] () -- C:\Users\User\Desktop\Hollywood Undead - Outside (Official Lyric Video).mp4
    [2015/02/05 01:31:40 | 020,690,486 | ---- | C] () -- C:\Users\User\Desktop\Jes Ebrahim - Keamanan (Promo MV).mp4
    [2015/02/05 00:06:16 | 000,038,777 | ---- | C] () -- C:\Users\User\Desktop\in bread.jpg
    [2015/02/04 22:16:14 | 000,245,131 | ---- | C] () -- C:\Users\User\Desktop\Aldrin_Apollo_11_cropped.jpg
    [2015/02/03 17:14:23 | 3869,692,740 | ---- | C] () -- C:\Users\User\Documents\User-PcMediaIDbin.zip
    [2015/02/02 00:57:26 | 000,001,095 | ---- | C] () -- C:\Users\User\Desktop\Five Nights at Freddy's DEMO.lnk
    [2015/01/28 23:08:16 | 000,303,498 | ---- | C] () -- C:\Users\User\Desktop\14860158820_a7d3ab7cd9_z.jpg
    [2015/01/27 01:58:21 | 004,001,425 | ---- | C] () -- C:\Users\User\Desktop\Cintamu Mekar Di Hati - MAY _ HQ   Lirik.mp3
    [2015/01/27 01:57:44 | 000,001,069 | ---- | C] () -- C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk
    [2015/01/19 21:19:13 | 009,498,677 | ---- | C] () -- C:\Users\User\Desktop\14426030064_955dc6e406_o.jpg
    [2015/01/18 16:50:29 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
    [2015/01/18 16:50:29 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\paint.net.lnk
    [2015/01/18 15:32:39 | 000,003,045 | ---- | C] () -- C:\Users\User\AppData\Local\recently-used.xbel
    [2015/01/18 14:33:53 | 000,001,007 | ---- | C] () -- C:\Users\User\Desktop\GIMP 2.lnk
    [2015/01/18 14:32:19 | 000,001,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
    [2015/01/17 19:56:01 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
    [2015/01/14 02:00:39 | 003,473,795 | ---- | C] () -- C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3
    [2014/11/15 21:33:44 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2014/11/15 21:33:43 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2014/11/15 21:33:43 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2014/08/01 14:10:54 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
    [2014/03/22 17:33:37 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsvousb.sys.dump
    [2014/03/22 17:33:37 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsnmea.sys.dump
    [2014/03/22 17:33:37 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsmdm.sys.dump
    [2014/03/22 17:33:37 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsdiag.sys.dump
    [2014/03/22 17:33:36 | 000,155,136 | ---- | C] () -- C:\Windows\System32\drivers\WUDFRd.sys.dump
    [2014/03/22 17:33:36 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsat.sys.dump
    [2014/03/22 17:33:36 | 000,066,560 | ---- | C] () -- C:\Windows\System32\drivers\WUDFPf.sys.dump
    [2014/03/22 17:33:36 | 000,016,384 | ---- | C] () -- C:\Windows\System32\drivers\ws2ifsl.sys.dump
    [2014/03/22 17:33:36 | 000,014,912 | ---- | C] () -- C:\Windows\System32\drivers\wmilib.sys.dump
    [2014/03/22 17:33:35 | 000,043,392 | ---- | C] () -- C:\Windows\System32\drivers\winhv.sys.dump
    [2014/03/22 17:33:35 | 000,035,968 | ---- | C] () -- C:\Windows\System32\drivers\winusb.sys.dump
    [2014/03/22 17:33:35 | 000,019,008 | ---- | C] () -- C:\Windows\System32\drivers\wimmount.sys.dump
    [2014/03/22 17:33:35 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\wmiacpi.sys.dump
    [2014/03/22 17:33:35 | 000,009,728 | ---- | C] () -- C:\Windows\System32\drivers\wfplwf.sys.dump
    [2014/03/22 17:33:34 | 000,527,064 | ---- | C] () -- C:\Windows\System32\drivers\Wdf01000.sys.dump
    [2014/03/22 17:33:34 | 000,047,720 | ---- | C] () -- C:\Windows\System32\drivers\WdfLdr.sys.dump
    [2014/03/22 17:33:34 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\watchdog.sys.dump
    [2014/03/22 17:33:34 | 000,019,024 | ---- | C] () -- C:\Windows\System32\drivers\wd.sys.dump
    [2014/03/22 17:33:33 | 000,063,488 | ---- | C] () -- C:\Windows\System32\drivers\wanarp.sys.dump
    [2014/03/22 17:33:33 | 000,021,632 | ---- | C] () -- C:\Windows\System32\drivers\wacompen.sys.dump
    [2014/03/22 17:33:33 | 000,014,336 | ---- | C] () -- C:\Windows\System32\drivers\vwifimp.sys.dump
    [2014/03/22 17:33:32 | 000,297,040 | ---- | C] () -- C:\Windows\System32\drivers\volmgrx.sys.dump
    [2014/03/22 17:33:32 | 000,245,632 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys.dump
    [2014/03/22 17:33:32 | 000,141,904 | ---- | C] () -- C:\Windows\System32\drivers\vsmraid.sys.dump
    [2014/03/22 17:33:32 | 000,048,128 | ---- | C] () -- C:\Windows\System32\drivers\vwififlt.sys.dump
    [2014/03/22 17:33:32 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\vwifibus.sys.dump
    [2014/03/22 17:33:31 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\volmgr.sys.dump
    [2014/03/22 17:33:31 | 000,040,704 | ---- | C] () -- C:\Windows\System32\drivers\vmstorfl.sys.dump
    [2014/03/22 17:33:31 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\VMBusHID.sys.dump
    [2014/03/22 17:33:31 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\vms3cap.sys.dump
    [2014/03/22 17:33:30 | 000,175,360 | ---- | C] () -- C:\Windows\System32\drivers\vmbus.sys.dump
    [2014/03/22 17:33:30 | 000,111,616 | ---- | C] () -- C:\Windows\System32\drivers\videoprt.sys.dump
    [2014/03/22 17:33:30 | 000,053,328 | ---- | C] () -- C:\Windows\System32\drivers\VIAAGP.SYS.dump
    [2014/03/22 17:33:30 | 000,052,736 | ---- | C] () -- C:\Windows\System32\drivers\viac7.sys.dump
    [2014/03/22 17:33:30 | 000,016,976 | ---- | C] () -- C:\Windows\System32\drivers\viaide.sys.dump
    [2014/03/22 17:33:29 | 000,160,128 | ---- | C] () -- C:\Windows\System32\drivers\vhdmp.sys.dump
    [2014/03/22 17:33:29 | 000,032,832 | ---- | C] () -- C:\Windows\System32\drivers\vdrvroot.sys.dump
    [2014/03/22 17:33:29 | 000,026,112 | ---- | C] () -- C:\Windows\System32\drivers\vgapnp.sys.dump
    [2014/03/22 17:33:29 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\vga.sys.dump
    [2014/03/22 17:33:28 | 000,146,816 | ---- | C] () -- C:\Windows\System32\drivers\usbvideo.sys.dump
    [2014/03/22 17:33:28 | 000,076,288 | ---- | C] () -- C:\Windows\System32\drivers\USBSTOR.SYS.dump
    [2014/03/22 17:33:28 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\usbuhci.sys.dump
    [2014/03/22 17:33:27 | 000,284,672 | ---- | C] () -- C:\Windows\System32\drivers\usbport.sys.dump
    [2014/03/22 17:33:27 | 000,026,112 | ---- | C] () -- C:\Windows\System32\drivers\usbrpm.sys.dump
    [2014/03/22 17:33:27 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\usbohci.sys.dump
    [2014/03/22 17:33:27 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\usbprint.sys.dump
    [2014/03/22 17:33:26 | 000,258,560 | ---- | C] () -- C:\Windows\System32\drivers\usbhub.sys.dump
    [2014/03/22 17:33:26 | 000,086,016 | ---- | C] () -- C:\Windows\System32\drivers\usbcir.sys.dump
    [2014/03/22 17:33:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\drivers\usbehci.sys.dump
    [2014/03/22 17:33:26 | 000,006,016 | ---- | C] () -- C:\Windows\System32\drivers\usbd.sys.dump
    [2014/03/22 17:33:25 | 000,076,288 | ---- | C] () -- C:\Windows\System32\drivers\usbccgp.sys.dump
    [2014/03/22 17:33:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\drivers\usbaapl.sys.dump
    [2014/03/22 17:33:25 | 000,025,856 | ---- | C] () -- C:\Windows\System32\drivers\USBCAMD2.sys.dump
    [2014/03/22 17:33:25 | 000,025,856 | ---- | C] () -- C:\Windows\System32\drivers\USBCAMD.sys.dump
    [2014/03/22 17:33:25 | 000,015,872 | ---- | C] () -- C:\Windows\System32\drivers\usb8023.sys.dump
    [2014/03/22 17:33:24 | 000,246,784 | ---- | C] () -- C:\Windows\System32\drivers\udfs.sys.dump
    [2014/03/22 17:33:24 | 000,057,424 | ---- | C] () -- C:\Windows\System32\drivers\ULIAGPKX.SYS.dump
    [2014/03/22 17:33:24 | 000,039,936 | ---- | C] () -- C:\Windows\System32\drivers\umbus.sys.dump
    [2014/03/22 17:33:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\umpass.sys.dump
    [2014/03/22 17:33:23 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\tunnel.sys.dump
    [2014/03/22 17:33:23 | 000,055,888 | ---- | C] () -- C:\Windows\System32\drivers\UAGP35.SYS.dump
    [2014/03/22 17:33:22 | 000,200,976 | ---- | C] () -- C:\Windows\System32\drivers\tmcomm.sys.dump
    [2014/03/22 17:33:22 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\termdd.sys.dump
    [2014/03/22 17:33:22 | 000,049,664 | ---- | C] () -- C:\Windows\System32\drivers\TsUsbFlt.sys.dump
    [2014/03/22 17:33:22 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\tssecsrv.sys.dump
    [2014/03/22 17:33:21 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys.dump
    [2014/03/22 17:33:21 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\tcpipreg.sys.dump
    [2014/03/22 17:33:21 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\tdtcp.sys.dump
    [2014/03/22 17:33:21 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\tdi.sys.dump
    [2014/03/22 17:33:21 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\tdpipe.sys.dump
    [2014/03/22 17:33:20 | 001,294,272 | ---- | C] () -- C:\Windows\System32\drivers\tcpip.sys.dump
    [2014/03/22 17:33:20 | 000,037,064 | ---- | C] () -- C:\Windows\System32\drivers\taphss6.sys.dump
    [2014/03/22 17:33:19 | 000,299,312 | ---- | C] () -- C:\Windows\System32\drivers\SynTP.sys.dump
    [2014/03/22 17:33:19 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\taphss.sys.dump
    [2014/03/22 17:33:19 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\tape.sys.dump
    [2014/03/22 17:33:18 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys.dump
    [2014/03/22 17:33:18 | 000,012,240 | ---- | C] () -- C:\Windows\System32\drivers\swenum.sys.dump
    [2014/03/22 17:33:17 | 000,182,680 | ---- | C] () -- C:\Windows\System32\drivers\ssudmdm.sys.dump
    [2014/03/22 17:33:17 | 000,148,864 | ---- | C] () -- C:\Windows\System32\drivers\storport.sys.dump
    [2014/03/22 17:33:17 | 000,053,632 | ---- | C] () -- C:\Windows\System32\drivers\stream.sys.dump
    [2014/03/22 17:33:17 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\storvsc.sys.dump
    [2014/03/22 17:33:17 | 000,021,072 | ---- | C] () -- C:\Windows\System32\drivers\stexstor.sys.dump
    [2014/03/22 17:33:16 | 000,311,808 | ---- | C] () -- C:\Windows\System32\drivers\srv.sys.dump
    [2014/03/22 17:33:16 | 000,310,272 | ---- | C] () -- C:\Windows\System32\drivers\srv2.sys.dump
    [2014/03/22 17:33:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\drivers\srvnet.sys.dump
    [2014/03/22 17:33:16 | 000,083,864 | ---- | C] () -- C:\Windows\System32\drivers\ssudbus.sys.dump
    [2014/03/22 17:33:15 | 000,405,504 | ---- | C] () -- C:\Windows\System32\drivers\spsys.sys.dump
    [2014/03/22 17:33:15 | 000,071,168 | ---- | C] () -- C:\Windows\System32\drivers\smb.sys.dump
    [2014/03/22 17:33:15 | 000,017,472 | ---- | C] () -- C:\Windows\System32\drivers\spldr.sys.dump
    [2014/03/22 17:33:15 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\smclib.sys.dump
    [2014/03/22 17:33:14 | 000,077,888 | ---- | C] () -- C:\Windows\System32\drivers\sisraid4.sys.dump
    [2014/03/22 17:33:14 | 000,052,304 | ---- | C] () -- C:\Windows\System32\drivers\SISAGP.SYS.dump
    [2014/03/22 17:33:14 | 000,040,016 | ---- | C] () -- C:\Windows\System32\drivers\sisraid2.sys.dump
    [2014/03/22 17:33:14 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys.dump
    [2014/03/22 17:33:13 | 000,013,824 | ---- | C] () -- C:\Windows\System32\drivers\sfloppy.sys.dump
    [2014/03/22 17:33:13 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\sffp_sd.sys.dump
    [2014/03/22 17:33:13 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\sffp_mmc.sys.dump
    [2014/03/22 17:33:12 | 000,083,456 | ---- | C] () -- C:\Windows\System32\drivers\serial.sys.dump
    [2014/03/22 17:33:12 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\sermouse.sys.dump
    [2014/03/22 17:33:12 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\serenum.sys.dump
    [2014/03/22 17:33:12 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\sffdisk.sys.dump
    [2014/03/22 17:33:11 | 000,140,160 | ---- | C] () -- C:\Windows\System32\drivers\scsiport.sys.dump
    [2014/03/22 17:33:11 | 000,085,376 | ---- | C] () -- C:\Windows\System32\drivers\sbp2port.sys.dump
    [2014/03/22 17:33:11 | 000,084,992 | ---- | C] () -- C:\Windows\System32\drivers\sdbus.sys.dump
    [2014/03/22 17:33:11 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\scfilter.sys.dump
    [2014/03/22 17:33:11 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\secdrv.sys.dump
    [2014/03/22 17:33:10 | 002,888,536 | ---- | C] () -- C:\Windows\System32\drivers\RTKVHDA.sys.dump
    [2014/03/22 17:33:10 | 000,197,736 | ---- | C] () -- C:\Windows\System32\drivers\RtsUStor.sys.dump
    [2014/03/22 17:33:09 | 000,394,856 | ---- | C] () -- C:\Windows\System32\drivers\Rt86win7.sys.dump
    [2014/03/22 17:33:09 | 000,060,928 | ---- | C] () -- C:\Windows\System32\drivers\rspndr.sys.dump
    [2014/03/22 17:33:09 | 000,033,280 | ---- | C] () -- C:\Windows\System32\drivers\RNDISMP.sys.dump
    [2014/03/22 17:33:09 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\rootmdm.sys.dump
    [2014/03/22 17:33:08 | 000,117,760 | ---- | C] () -- C:\Windows\System32\drivers\rmcast.sys.dump
    [2014/03/22 17:33:07 | 000,183,808 | ---- | C] () -- C:\Windows\System32\drivers\rdpwd.sys.dump
    [2014/03/22 17:33:07 | 000,173,440 | ---- | C] () -- C:\Windows\System32\drivers\rdyboost.sys.dump
    [2014/03/22 17:33:07 | 000,129,536 | ---- | C] () -- C:\Windows\System32\drivers\rfcomm.sys.dump
    [2014/03/22 17:33:07 | 000,027,136 | ---- | C] () -- C:\Windows\System32\drivers\RimSerial.sys.dump
    [2014/03/22 17:33:07 | 000,014,848 | ---- | C] () -- C:\Windows\System32\drivers\rdpvideominiport.sys.dump
    [2014/03/22 17:33:06 | 000,133,632 | ---- | C] () -- C:\Windows\System32\drivers\rdpdr.sys.dump
    [2014/03/22 17:33:06 | 000,018,944 | ---- | C] () -- C:\Windows\System32\drivers\rdpbus.sys.dump
    [2014/03/22 17:33:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\RDPREFMP.sys.dump
    [2014/03/22 17:33:06 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\RDPENCDD.sys.dump
    [2014/03/22 17:33:06 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\RDPCDD.sys.dump
    [2014/03/22 17:33:05 | 000,242,688 | ---- | C] () -- C:\Windows\System32\drivers\rdbss.sys.dump
    [2014/03/22 17:33:05 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\rasl2tp.sys.dump
    [2014/03/22 17:33:05 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\raspppoe.sys.dump
    [2014/03/22 17:33:05 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\rassstp.sys.dump
    [2014/03/22 17:33:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\drivers\raspptp.sys.dump
    [2014/03/22 17:33:04 | 001,383,488 | ---- | C] () -- C:\Windows\System32\drivers\ql2300.sys.dump
    [2014/03/22 17:33:04 | 000,106,064 | ---- | C] () -- C:\Windows\System32\drivers\ql40xx.sys.dump
    [2014/03/22 17:33:04 | 000,031,744 | ---- | C] () -- C:\Windows\System32\drivers\qwavedrv.sys.dump
    [2014/03/22 17:33:04 | 000,011,776 | ---- | C] () -- C:\Windows\System32\drivers\rasacd.sys.dump
    [2014/03/22 17:33:03 | 000,052,224 | ---- | C] () -- C:\Windows\System32\drivers\processr.sys.dump
    [2014/03/22 17:33:03 | 000,015,544 | ---- | C] () -- C:\Windows\System32\drivers\psi_mf.sys.dump
    [2014/03/22 17:33:02 | 000,586,752 | ---- | C] () -- C:\Windows\System32\drivers\PEAuth.sys.dump
    [2014/03/22 17:33:02 | 000,180,288 | ---- | C] () -- C:\Windows\System32\drivers\pcmcia.sys.dump
    [2014/03/22 17:33:02 | 000,177,152 | ---- | C] () -- C:\Windows\System32\drivers\portcls.sys.dump
    [2014/03/22 17:33:02 | 000,043,088 | ---- | C] () -- C:\Windows\System32\drivers\pcw.sys.dump
    [2014/03/22 17:33:01 | 000,153,984 | ---- | C] () -- C:\Windows\System32\drivers\pci.sys.dump
    [2014/03/22 17:33:01 | 000,056,176 | ---- | C] () -- C:\Windows\System32\drivers\partmgr.sys.dump
    [2014/03/22 17:33:01 | 000,042,560 | ---- | C] () -- C:\Windows\System32\drivers\pciidex.sys.dump
    [2014/03/22 17:33:01 | 000,012,368 | ---- | C] () -- C:\Windows\System32\drivers\pciide.sys.dump
    [2014/03/22 17:33:01 | 000,008,704 | ---- | C] () -- C:\Windows\System32\drivers\parvdm.sys.dump
    [2014/03/22 17:33:00 | 000,267,264 | ---- | C] () -- C:\Windows\System32\drivers\nwifi.sys.dump
    [2014/03/22 17:33:00 | 000,105,024 | ---- | C] () -- C:\Windows\System32\drivers\NV_AGP.SYS.dump
    [2014/03/22 17:33:00 | 000,104,448 | ---- | C] () -- C:\Windows\System32\drivers\pacer.sys.dump
    [2014/03/22 17:33:00 | 000,079,360 | ---- | C] () -- C:\Windows\System32\drivers\parport.sys.dump
    [2014/03/22 17:33:00 | 000,062,464 | ---- | C] () -- C:\Windows\System32\drivers\ohci1394.sys.dump
    [2014/03/22 17:32:59 | 001,211,752 | ---- | C] () -- C:\Windows\System32\drivers\ntfs.sys.dump
    [2014/03/22 17:32:59 | 000,143,744 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys.dump
    [2014/03/22 17:32:59 | 000,117,120 | ---- | C] () -- C:\Windows\System32\drivers\nvraid.sys.dump
    [2014/03/22 17:32:59 | 000,004,608 | ---- | C] () -- C:\Windows\System32\drivers\null.sys.dump
    [2014/03/22 17:32:58 | 000,044,624 | ---- | C] () -- C:\Windows\System32\drivers\nfrd960.sys.dump
    [2014/03/22 17:32:58 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\npfs.sys.dump
    [2014/03/22 17:32:58 | 000,016,896 | ---- | C] () -- C:\Windows\System32\drivers\nsiproxy.sys.dump
    [2014/03/22 17:32:57 | 000,240,576 | ---- | C] () -- C:\Windows\System32\drivers\netio.sys.dump
    [2014/03/22 17:32:57 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys.dump
    [2014/03/22 17:32:57 | 000,048,640 | ---- | C] () -- C:\Windows\System32\drivers\ndproxy.sys.dump
    [2014/03/22 17:32:57 | 000,036,352 | ---- | C] () -- C:\Windows\System32\drivers\netbios.sys.dump
    [2014/03/22 17:32:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\drivers\ndiswan.sys.dump
    [2014/03/22 17:32:56 | 000,046,080 | ---- | C] () -- C:\Windows\System32\drivers\ndisuio.sys.dump
    [2014/03/22 17:32:56 | 000,027,136 | ---- | C] () -- C:\Windows\System32\drivers\ndiscap.sys.dump
    [2014/03/22 17:32:56 | 000,020,992 | ---- | C] () -- C:\Windows\System32\drivers\ndistapi.sys.dump
    [2014/03/22 17:32:55 | 000,712,048 | ---- | C] () -- C:\Windows\System32\drivers\ndis.sys.dump
    [2014/03/22 17:32:55 | 000,049,728 | ---- | C] () -- C:\Windows\System32\drivers\mup.sys.dump
    [2014/03/22 17:32:55 | 000,028,240 | ---- | C] () -- C:\Windows\System32\drivers\mssmbios.sys.dump
    [2014/03/22 17:32:55 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\MTConfig.sys.dump
    [2014/03/22 17:32:55 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\mstee.sys.dump
    [2014/03/22 17:32:54 | 000,233,344 | ---- | C] () -- C:\Windows\System32\drivers\msiscsi.sys.dump
    [2014/03/22 17:32:54 | 000,162,896 | ---- | C] () -- C:\Windows\System32\drivers\msrpc.sys.dump
    [2014/03/22 17:32:54 | 000,008,320 | ---- | C] () -- C:\Windows\System32\drivers\mskssrv.sys.dump
    [2014/03/22 17:32:54 | 000,005,888 | ---- | C] () -- C:\Windows\System32\drivers\mspclock.sys.dump
    [2014/03/22 17:32:54 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\mspqm.sys.dump
    [2014/03/22 17:32:53 | 000,116,096 | ---- | C] () -- C:\Windows\System32\drivers\msdsm.sys.dump
    [2014/03/22 17:32:53 | 000,022,528 | ---- | C] () -- C:\Windows\System32\drivers\msfs.sys.dump
    [2014/03/22 17:32:53 | 000,013,888 | ---- | C] () -- C:\Windows\System32\drivers\msisadrv.sys.dump
    [2014/03/22 17:32:53 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\mshidkmdf.sys.dump
    [2014/03/22 17:32:52 | 000,223,744 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb10.sys.dump
    [2014/03/22 17:32:52 | 000,123,904 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb.sys.dump
    [2014/03/22 17:32:52 | 000,096,768 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb20.sys.dump
    [2014/03/22 17:32:52 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\msahci.sys.dump
    [2014/03/22 17:32:51 | 000,130,432 | ---- | C] () -- C:\Windows\System32\drivers\mpio.sys.dump
    [2014/03/22 17:32:51 | 000,115,712 | ---- | C] () -- C:\Windows\System32\drivers\mrxdav.sys.dump
    [2014/03/22 17:32:51 | 000,078,208 | ---- | C] () -- C:\Windows\System32\drivers\mountmgr.sys.dump
    [2014/03/22 17:32:51 | 000,060,416 | ---- | C] () -- C:\Windows\System32\drivers\mpsdrv.sys.dump
    [2014/03/22 17:32:51 | 000,026,112 | ---- | C] () -- C:\Windows\System32\drivers\mouhid.sys.dump
    [2014/03/22 17:32:50 | 000,235,584 | ---- | C] () -- C:\Windows\System32\drivers\MegaSR.sys.dump
    [2014/03/22 17:32:50 | 000,041,552 | ---- | C] () -- C:\Windows\System32\drivers\mouclass.sys.dump
    [2014/03/22 17:32:50 | 000,031,744 | ---- | C] () -- C:\Windows\System32\drivers\modem.sys.dump
    [2014/03/22 17:32:50 | 000,030,800 | ---- | C] () -- C:\Windows\System32\drivers\megasas.sys.dump
    [2014/03/22 17:32:50 | 000,023,552 | ---- | C] () -- C:\Windows\System32\drivers\monitor.sys.dump
    [2014/03/22 17:32:50 | 000,012,072 | ---- | C] () -- C:\Windows\System32\drivers\MoborobAssDriver.sys.dump
    [2014/03/22 17:32:49 | 000,034,432 | ---- | C] () -- C:\Windows\System32\drivers\mcvidrv.sys.dump
    [2014/03/22 17:32:49 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\mcaudrv.sys.dump
    [2014/03/22 17:32:49 | 000,022,856 | ---- | C] () -- C:\Windows\System32\drivers\mbam.sys.dump
    [2014/03/22 17:32:49 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\mcd.sys.dump
    [2014/03/22 17:32:49 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\massfilter_hs.sys.dump
    [2014/03/22 17:32:48 | 000,096,848 | ---- | C] () -- C:\Windows\System32\drivers\lsi_scsi.sys.dump
    [2014/03/22 17:32:48 | 000,089,168 | ---- | C] () -- C:\Windows\System32\drivers\lsi_sas.sys.dump
    [2014/03/22 17:32:48 | 000,086,528 | ---- | C] () -- C:\Windows\System32\drivers\luafv.sys.dump
    [2014/03/22 17:32:48 | 000,054,864 | ---- | C] () -- C:\Windows\System32\drivers\lsi_sas2.sys.dump
    [2014/03/22 17:32:48 | 000,021,632 | ---- | C] () -- C:\Windows\System32\drivers\ManyCam.sys.dump
    [2014/03/22 17:32:47 | 000,136,640 | ---- | C] () -- C:\Windows\System32\drivers\ksecpkg.sys.dump
    [2014/03/22 17:32:47 | 000,095,824 | ---- | C] () -- C:\Windows\System32\drivers\lsi_fc.sys.dump
    [2014/03/22 17:32:47 | 000,067,520 | ---- | C] () -- C:\Windows\System32\drivers\ksecdd.sys.dump
    [2014/03/22 17:32:47 | 000,048,128 | ---- | C] () -- C:\Windows\System32\drivers\lltdio.sys.dump
    [2014/03/22 17:32:46 | 000,209,016 | ---- | C] () -- C:\Windows\System32\drivers\keyscrambler.sys.dump
    [2014/03/22 17:32:46 | 000,190,976 | ---- | C] () -- C:\Windows\System32\drivers\ks.sys.dump
    [2014/03/22 17:32:46 | 000,046,656 | ---- | C] () -- C:\Windows\System32\drivers\isapnp.sys.dump
    [2014/03/22 17:32:46 | 000,042,576 | ---- | C] () -- C:\Windows\System32\drivers\kbdclass.sys.dump
    [2014/03/22 17:32:46 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\kbdhid.sys.dump
    [2014/03/22 17:32:45 | 000,101,888 | ---- | C] () -- C:\Windows\System32\drivers\ipnat.sys.dump
    [2014/03/22 17:32:45 | 000,096,768 | ---- | C] () -- C:\Windows\System32\drivers\irda.sys.dump
    [2014/03/22 17:32:45 | 000,065,536 | ---- | C] () -- C:\Windows\System32\drivers\IPMIDrv.sys.dump
    [2014/03/22 17:32:45 | 000,058,880 | ---- | C] () -- C:\Windows\System32\drivers\ipfltdrv.sys.dump
    [2014/03/22 17:32:45 | 000,013,824 | ---- | C] () -- C:\Windows\System32\drivers\irenum.sys.dump
    [2014/03/22 17:32:44 | 000,332,160 | ---- | C] () -- C:\Windows\System32\drivers\iaStorV.sys.dump
    [2014/03/22 17:32:44 | 000,053,760 | ---- | C] () -- C:\Windows\System32\drivers\intelppm.sys.dump
    [2014/03/22 17:32:44 | 000,041,040 | ---- | C] () -- C:\Windows\System32\drivers\iirsp.sys.dump
    [2014/03/22 17:32:44 | 000,015,424 | ---- | C] () -- C:\Windows\System32\drivers\intelide.sys.dump
    [2014/03/22 17:32:43 | 000,513,536 | ---- | C] () -- C:\Windows\System32\drivers\http.sys.dump
    [2014/03/22 17:32:43 | 000,080,896 | ---- | C] () -- C:\Windows\System32\drivers\i8042prt.sys.dump
    [2014/03/22 17:32:43 | 000,014,208 | ---- | C] () -- C:\Windows\System32\drivers\hwpolicy.sys.dump
    [2014/03/22 17:32:42 | 000,067,152 | ---- | C] () -- C:\Windows\System32\drivers\HpSAMD.sys.dump
    [2014/03/22 17:32:42 | 000,039,624 | ---- | C] () -- C:\Windows\System32\drivers\hssdrv6.sys.dump
    [2014/03/22 17:32:42 | 000,025,728 | ---- | C] () -- C:\Windows\System32\drivers\hidparse.sys.dump
    [2014/03/22 17:32:42 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\hidusb.sys.dump
    [2014/03/22 17:32:41 | 000,304,128 | ---- | C] () -- C:\Windows\System32\drivers\HdAudio.sys.dump
    [2014/03/22 17:32:41 | 000,091,136 | ---- | C] () -- C:\Windows\System32\drivers\hidbth.sys.dump
    [2014/03/22 17:32:41 | 000,055,808 | ---- | C] () -- C:\Windows\System32\drivers\hidclass.sys.dump
    [2014/03/22 17:32:41 | 000,037,888 | ---- | C] () -- C:\Windows\System32\drivers\hidir.sys.dump
    [2014/03/22 17:32:41 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\hidbatt.sys.dump
    [2014/03/22 17:32:40 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\ghsnmea.sys.dump
    [2014/03/22 17:32:40 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\ghsmdm.sys.dump
    [2014/03/22 17:32:40 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\hdaudbus.sys.dump
    [2014/03/22 17:32:40 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\hcw85cir.sys.dump
    [2014/03/22 17:32:39 | 000,187,752 | ---- | C] () -- C:\Windows\System32\drivers\FWPKCLNT.SYS.dump
    [2014/03/22 17:32:39 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\ghsdiag.sys.dump
    [2014/03/22 17:32:39 | 000,057,936 | ---- | C] () -- C:\Windows\System32\drivers\GAGP30KX.SYS.dump
    [2014/03/22 17:32:39 | 000,032,408 | ---- | C] () -- C:\Windows\System32\drivers\ghsandroid.sys.dump
    [2014/03/22 17:32:39 | 000,026,600 | ---- | C] () -- C:\Windows\System32\drivers\GEARAspiWDM.sys.dump
    [2014/03/22 17:32:38 | 000,198,208 | ---- | C] () -- C:\Windows\System32\drivers\fltMgr.sys.dump
    [2014/03/22 17:32:38 | 000,196,328 | ---- | C] () -- C:\Windows\System32\drivers\fvevol.sys.dump
    [2014/03/22 17:32:38 | 000,046,160 | ---- | C] () -- C:\Windows\System32\drivers\fsdepends.sys.dump
    [2014/03/22 17:32:38 | 000,019,824 | ---- | C] () -- C:\Windows\System32\drivers\fs_rec.sys.dump
    [2014/03/22 17:32:37 | 000,058,448 | ---- | C] () -- C:\Windows\System32\drivers\fileinfo.sys.dump
    [2014/03/22 17:32:37 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\filetrace.sys.dump
    [2014/03/22 17:32:37 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\fdc.sys.dump
    [2014/03/22 17:32:37 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\flpydisk.sys.dump
    [2014/03/22 17:32:36 | 003,100,160 | ---- | C] () -- C:\Windows\System32\drivers\evbdx.sys.dump
    [2014/03/22 17:32:36 | 000,148,480 | ---- | C] () -- C:\Windows\System32\drivers\fastfat.sys.dump
    [2014/03/22 17:32:36 | 000,142,336 | ---- | C] () -- C:\Windows\System32\drivers\exfat.sys.dump
    [2014/03/22 17:32:34 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\errdev.sys.dump
    [2014/03/22 17:32:33 | 000,729,024 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys.dump
    [2014/03/22 17:32:33 | 000,453,712 | ---- | C] () -- C:\Windows\System32\drivers\elxstor.sys.dump
    [2014/03/22 17:32:33 | 000,218,984 | ---- | C] () -- C:\Windows\System32\drivers\dxgmms1.sys.dump
    [2014/03/22 17:32:33 | 000,076,288 | ---- | C] () -- C:\Windows\System32\drivers\dxg.sys.dump
    [2014/03/22 17:32:32 | 000,055,584 | ---- | C] () -- C:\Windows\System32\drivers\dumpfve.sys.dump
    [2014/03/22 17:32:32 | 000,026,704 | ---- | C] () -- C:\Windows\System32\drivers\Dumpata.sys.dump
    [2014/03/22 17:32:32 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\dxapi.sys.dump
    [2014/03/22 17:32:32 | 000,005,120 | ---- | C] () -- C:\Windows\System32\drivers\drmkaud.sys.dump
    [2014/03/22 17:32:31 | 000,131,072 | ---- | C] () -- C:\Windows\System32\drivers\Dot4.sys.dump
    [2014/03/22 17:32:31 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\drmk.sys.dump
    [2014/03/22 17:32:31 | 000,070,720 | ---- | C] () -- C:\Windows\System32\drivers\djsvs.sys.dump
    [2014/03/22 17:32:31 | 000,036,864 | ---- | C] () -- C:\Windows\System32\drivers\Dot4usb.sys.dump
    [2014/03/22 17:32:31 | 000,027,008 | ---- | C] () -- C:\Windows\System32\drivers\Diskdump.sys.dump
    [2014/03/22 17:32:31 | 000,016,384 | ---- | C] () -- C:\Windows\System32\drivers\Dot4Prt.sys.dump
    [2014/03/22 17:32:30 | 000,388,096 | ---- | C] () -- C:\Windows\System32\drivers\csc.sys.dump
    [2014/03/22 17:32:30 | 000,078,336 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys.dump
    [2014/03/22 17:32:30 | 000,057,424 | ---- | C] () -- C:\Windows\System32\drivers\disk.sys.dump
    [2014/03/22 17:32:30 | 000,032,256 | ---- | C] () -- C:\Windows\System32\drivers\discache.sys.dump
    [2014/03/22 17:32:29 | 000,369,848 | ---- | C] () -- C:\Windows\System32\drivers\cng.sys.dump
    [2014/03/22 17:32:29 | 000,035,408 | ---- | C] () -- C:\Windows\System32\drivers\crashdmp.sys.dump
    [2014/03/22 17:32:29 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\CompositeBus.sys.dump
    [2014/03/22 17:32:29 | 000,022,096 | ---- | C] () -- C:\Windows\System32\drivers\crcdisk.sys.dump
    [2014/03/22 17:32:29 | 000,019,024 | ---- | C] () -- C:\Windows\System32\drivers\compbatt.sys.dump
    [2014/03/22 17:32:28 | 000,140,864 | ---- | C] () -- C:\Windows\System32\drivers\Classpnp.sys.dump
    [2014/03/22 17:32:28 | 000,037,888 | ---- | C] () -- C:\Windows\System32\drivers\circlass.sys.dump
    [2014/03/22 17:32:28 | 000,015,952 | ---- | C] () -- C:\Windows\System32\drivers\cmdide.sys.dump
    [2014/03/22 17:32:28 | 000,014,080 | ---- | C] () -- C:\Windows\System32\drivers\CmBatt.sys.dump
    [2014/03/22 17:32:27 | 000,430,080 | ---- | C] () -- C:\Windows\System32\drivers\bxvbdx.sys.dump
    [2014/03/22 17:32:27 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys.dump
    [2014/03/22 17:32:27 | 000,070,656 | ---- | C] () -- C:\Windows\System32\drivers\cdfs.sys.dump
    [2014/03/22 17:32:26 | 000,393,728 | ---- | C] () -- C:\Windows\System32\drivers\bthport.sys.dump
    [2014/03/22 17:32:26 | 000,093,696 | ---- | C] () -- C:\Windows\System32\drivers\bthpan.sys.dump
    [2014/03/22 17:32:26 | 000,060,416 | ---- | C] () -- C:\Windows\System32\drivers\BTHUSB.SYS.dump
    [2014/03/22 17:32:26 | 000,056,320 | ---- | C] () -- C:\Windows\System32\drivers\bthmodem.sys.dump
    [2014/03/22 17:32:25 | 000,062,336 | ---- | C] () -- C:\Windows\System32\drivers\BrSerWdm.sys.dump
    [2014/03/22 17:32:25 | 000,034,816 | ---- | C] () -- C:\Windows\System32\drivers\bthenum.sys.dump
    [2014/03/22 17:32:25 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\BrUsbMdm.sys.dump
    [2014/03/22 17:32:25 | 000,011,904 | ---- | C] () -- C:\Windows\System32\drivers\BrUsbSer.sys.dump
    [2014/03/22 17:32:24 | 000,272,128 | ---- | C] () -- C:\Windows\System32\drivers\BrSerId.sys.dump
    [2014/03/22 17:32:24 | 000,078,336 | ---- | C] () -- C:\Windows\System32\drivers\bridge.sys.dump
    [2014/03/22 17:32:24 | 000,013,568 | ---- | C] () -- C:\Windows\System32\drivers\BrFiltLo.sys.dump
    [2014/03/22 17:32:24 | 000,005,248 | ---- | C] () -- C:\Windows\System32\drivers\BrFiltUp.sys.dump
    [2014/03/22 17:32:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\bowser.sys.dump
    [2014/03/22 17:32:23 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\blbdrive.sys.dump
    [2014/03/22 17:32:22 | 001,131,008 | ---- | C] () -- C:\Windows\System32\drivers\BCMWL6.SYS.dump
    [2014/03/22 17:32:22 | 000,025,168 | ---- | C] () -- C:\Windows\System32\drivers\battc.sys.dump
    [2014/03/22 17:32:22 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\beep.sys.dump
    [2014/03/22 17:32:21 | 005,342,208 | ---- | C] () -- C:\Windows\System32\drivers\atipmdag.sys.dump
    [2014/03/22 17:32:21 | 000,229,888 | ---- | C] () -- C:\Windows\System32\drivers\b57nd60x.sys.dump
    [2014/03/22 17:32:21 | 000,056,816 | ---- | C] () -- C:\Windows\System32\drivers\avgntflt.sys.dump
    [2014/03/22 17:32:20 | 000,221,696 | ---- | C] () -- C:\Windows\System32\drivers\atikmpag.sys.dump
    [2014/03/22 17:32:19 | 006,380,544 | ---- | C] () -- C:\Windows\System32\drivers\atikmdag.sys.dump
    [2014/03/22 17:32:19 | 000,077,312 | ---- | C] () -- C:\Windows\System32\drivers\AtihdW73.sys.dump
    [2014/03/22 17:32:18 | 003,234,304 | ---- | C] () -- C:\Windows\System32\drivers\athr.sys.dump
    [2014/03/22 17:32:17 | 000,133,056 | ---- | C] () -- C:\Windows\System32\drivers\ataport.sys.dump
    [2014/03/22 17:32:17 | 000,021,584 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys.dump
    [2014/03/22 17:32:16 | 000,086,608 | ---- | C] () -- C:\Windows\System32\drivers\arcsas.sys.dump
    [2014/03/22 17:32:16 | 000,076,368 | ---- | C] () -- C:\Windows\System32\drivers\arc.sys.dump
    [2014/03/22 17:32:16 | 000,050,176 | ---- | C] () -- C:\Windows\System32\drivers\appid.sys.dump
    [2014/03/22 17:32:16 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\asyncmac.sys.dump
    [2014/03/22 17:32:15 | 000,159,312 | ---- | C] () -- C:\Windows\System32\drivers\amdsbs.sys.dump
    [2014/03/22 17:32:15 | 000,080,256 | ---- | C] () -- C:\Windows\System32\drivers\amdsata.sys.dump
    [2014/03/22 17:32:15 | 000,052,736 | ---- | C] () -- C:\Windows\System32\drivers\amdppm.sys.dump
    [2014/03/22 17:32:15 | 000,032,408 | ---- | C] () -- C:\Windows\System32\drivers\androidusb.sys.dump
    [2014/03/22 17:32:15 | 000,022,400 | ---- | C] () -- C:\Windows\System32\drivers\amdxata.sys.dump
    [2014/03/22 17:32:14 | 001,163,328 | ---- | C] () -- C:\Windows\System32\drivers\AGRSM.sys.dump
    [2014/03/22 17:32:14 | 000,055,296 | ---- | C] () -- C:\Windows\System32\drivers\amdk8.sys.dump
    [2014/03/22 17:32:14 | 000,053,312 | ---- | C] () -- C:\Windows\System32\drivers\AMDAGP.SYS.dump
    [2014/03/22 17:32:14 | 000,014,912 | ---- | C] () -- C:\Windows\System32\drivers\amdide.sys.dump
    [2014/03/22 17:32:14 | 000,014,400 | ---- | C] () -- C:\Windows\System32\drivers\aliide.sys.dump
    [2014/03/22 17:32:13 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys.dump
    [2014/03/22 17:32:13 | 000,053,312 | ---- | C] () -- C:\Windows\System32\drivers\AGP440.sys.dump
    [2014/03/22 17:32:13 | 000,049,152 | ---- | C] () -- C:\Windows\System32\drivers\agilevpn.sys.dump
    [2014/03/22 17:32:12 | 000,422,976 | ---- | C] () -- C:\Windows\System32\drivers\adp94xx.sys.dump
    [2014/03/22 17:32:12 | 000,297,552 | ---- | C] () -- C:\Windows\System32\drivers\adpahci.sys.dump
    [2014/03/22 17:32:12 | 000,146,512 | ---- | C] () -- C:\Windows\System32\drivers\adpu320.sys.dump
    [2014/03/22 17:32:11 | 000,274,304 | ---- | C] () -- C:\Windows\System32\drivers\acpi.sys.dump
    [2014/03/22 17:32:11 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\acpipmi.sys.dump
    [2014/03/22 17:32:10 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.sys.dump
    [2014/03/22 17:32:10 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\1394bus.sys.dump
    [2013/12/15 16:58:37 | 000,012,072 | ---- | C] () -- C:\Windows\System32\drivers\MoborobAssDriver.sys
    [2013/12/04 22:34:14 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
    [2013/12/04 22:34:14 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
    [2013/12/04 21:12:51 | 000,003,012 | ---- | C] () -- C:\Windows\System32\client.ini
    [2013/11/30 22:27:45 | 000,023,088 | ---- | C] () -- C:\Windows\DCEBoot.exe
    [2013/11/30 21:52:11 | 000,362,748 | ---- | C] () -- C:\Users\User\AppData\Local\census.cache
    [2013/11/30 21:51:46 | 000,174,615 | ---- | C] () -- C:\Users\User\AppData\Local\ars.cache
    [2013/11/26 19:38:07 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache
    [2013/11/20 03:18:07 | 000,119,296 | ---- | C] () -- C:\Windows\System32\zlib.dll
    [2013/11/20 03:18:07 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
    [2013/11/20 03:18:07 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll
    [2013/11/10 15:09:41 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
    [2013/09/18 12:46:53 | 000,192,352 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/09/18 12:46:52 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013/08/22 14:45:22 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
    [2013/08/22 14:45:21 | 000,697,506 | ---- | C] () -- C:\Windows\System32\perfh007.dat
    [2013/08/22 14:45:21 | 000,149,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat
    [2013/08/22 14:45:21 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
    [2013/08/21 23:29:16 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
    [2013/08/18 22:52:21 | 000,000,115 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
    [2013/08/18 22:52:21 | 000,000,005 | ---- | C] () -- C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
    [2012/11/01 20:39:21 | 000,000,043 | ---- | C] () -- C:\Users\User\jagex_cl_runescape_LIVE.dat
    [2012/11/01 20:39:21 | 000,000,024 | ---- | C] () -- C:\Users\User\random.dat
    [2012/07/16 20:40:29 | 000,027,520 | ---- | C] () -- C:\Users\User\AppData\Local\dt.dat
    [2010/12/16 18:20:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
     
    ========== ZeroAccess Check ==========
     
    [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/12/16 03:44:17 | 000,636,928 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2012/12/16 03:44:17 | 000,351,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== Custom Scans ==========
     
    ========== Drive Information ==========
     
    Physical Drives
    ---------------
     
    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: ST932042 3AS SATA Disk Device
    Partitions: 2
    Status: OK
    Status Info: 0
     
    Partitions
    ---------------
     
    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 225.00GB
    Starting Offset: 32256
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 73.00GB
    Starting Offset: 241305034752
    Hidden sectors: 0
     
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %systemroot%\assembly\GAC_32\*.ini >
     
    < %systemroot%\assembly\GAC_64\*.ini >
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %ALLUSERSPROFILE%\Application Data\*.exe >
     
    < %APPDATA%\*. >
    [2013/12/09 23:03:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
    [2014/11/14 01:11:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\7 Sticky Notes
    [2014/11/13 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe
    [2015/01/26 15:18:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AdvertismentImages
    [2013/12/15 18:57:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\aignes
    [2013/05/02 21:23:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer
    [2014/05/22 21:12:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Arc
    [2010/10/22 10:05:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ArcSoft
    [2015/02/09 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ATI
    [2010/10/22 02:35:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
    [2013/11/18 21:01:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVAST Software
    [2011/11/09 06:39:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BITS
    [2014/04/29 12:51:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\canon
    [2014/04/29 12:52:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon_Inc_IC
    [2011/10/30 20:32:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CheckPoint
    [2014/03/23 13:14:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Comodo
    [2014/09/11 14:49:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Convert Audio Free
    [2010/10/22 09:47:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CyberLink
    [2014/04/03 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DivX
    [2015/02/10 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
    [2015/01/17 19:57:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FastStone
    [2015/02/09 19:52:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileAdvisor
    [2010/07/27 14:38:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGet
    [2010/07/27 14:38:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGetBHO
    [2014/07/21 14:26:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Flickr
    [2013/09/22 18:24:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Free YouTube to MP3 Converter Studio
    [2014/04/20 12:02:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Free-backup.info
    [2014/09/11 14:53:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\freemkvtomp4converter
    [2014/03/22 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Hotspot Shield
    [2009/10/24 20:01:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities
    [2011/07/02 18:27:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InstallShield
    [2014/11/03 02:11:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LEGO Company
    [2009/10/24 21:53:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia
    [2014/07/16 08:25:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Malwarebytes
    [2012/08/12 18:28:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam
    [2009/07/14 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Center Programs
    [2014/09/28 02:22:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Player Classic
    [2014/09/14 17:05:34 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft
    [2015/02/02 01:08:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MMFApplications
    [2012/07/29 18:04:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Moonchild Productions
    [2010/07/27 14:38:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla
    [2010/10/22 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nero
    [2012/04/09 00:24:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF
    [2014/12/17 18:16:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++
    [2013/07/05 20:19:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera Software
    [2015/01/18 17:34:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PhotoScape
    [2015/01/18 15:01:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Planet Imagina
    [2013/11/20 03:23:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PowerUp Software
    [2014/04/01 21:35:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QFX Software
    [2013/11/26 19:33:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QuickScan
    [2014/04/20 11:56:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QuickZip
    [2014/05/30 16:50:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RavensburgerTipToi
    [2013/09/14 16:55:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Real
    [2014/12/21 11:23:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RoboForm
    [2010/11/15 08:50:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft
    [2013/04/11 15:11:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
    [2013/03/21 16:40:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SecondLife
    [2014/08/25 02:16:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ShamanGS
    [2015/02/10 14:01:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype
    [2011/05/29 07:55:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\skypePM
    [2011/11/21 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SolidDocuments
    [2015/01/14 01:53:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
    [2014/11/03 20:40:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotydl
    [2013/12/15 18:10:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock
    [2014/05/11 12:10:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sublime Text 3
    [2012/11/23 14:46:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
    [2014/05/06 00:17:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
    [2011/12/16 05:24:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdateTemp1308534806
    [2014/01/23 23:24:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VideoEditor
    [2013/05/26 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\vlc
    [2013/11/10 15:39:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinBatch
    [2009/10/24 20:17:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinRAR
    [2014/04/13 13:17:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wondershare
     
    < MD5 for: ATAPI.SYS  >
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T141151466079\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T141151466079\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T141931262519\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T141931262519\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T142729101273\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T142729101273\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T143815931134\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T143815931134\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T144530261600\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T144530261600\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T145416676891\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T145416676891\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T150005311482\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131110T150005311482\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131120T011552435146\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131120T011552435146\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131129T225028791811\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131129T225028791811\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131129T230528930207\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131129T230528930207\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131218T192521431294\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131218T192521431294\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20140114T212042083932\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20140114T212042083932\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20140204T104653044389\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20140204T104653044389\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20140726T153519937658\internal_ide_channel\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\User\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20140726T153519937658\pci\cc_010601\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
    [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
     
    < MD5 for: CSRSS.EXE  >
    [2009/07/14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
    [2009/07/14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe
     
    < MD5 for: EXPLORER.EXE  >
    [2011/06/05 19:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011/06/05 19:18:33 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2011/06/05 19:18:33 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011/06/05 19:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
    [2011/06/05 19:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011/06/05 19:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
     
    < MD5 for: MSWSOCK.DLL  >
    [2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
    [2013/09/07 03:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
    [2010/11/20 04:19:58 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
    [2013/09/08 03:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\ERDNT\cache\mswsock.dll
    [2013/09/08 03:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\System32\mswsock.dll
    [2013/09/08 03:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
     
    < MD5 for: NAPINSP.DLL  >
    [2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
    [2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
     
    < MD5 for: NLAAPI.DLL  >
    [2009/07/14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
    [2010/11/20 04:20:32 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll
    [2012/11/14 02:17:35 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_6a0c0c4b82524209\nlaapi.dll
    [2012/11/14 02:17:35 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\System32\nlaapi.dll
    [2012/11/14 02:17:35 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_695757ae6954dec1\nlaapi.dll
    [2012/11/14 02:17:35 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.18685_none_69429ba669645226\nlaapi.dll
    [2012/10/18 20:37:28 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=7860BD03A96C99776135AE16EEC2C690 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22893_none_69bf69d7828bd85a\nlaapi.dll
     
    < MD5 for: PNRPNSP.DLL  >
    [2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
    [2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll
     
    < MD5 for: PRINTISOLATIONHOST.EXE  >
    [2009/07/14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
    [2009/07/14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe
     
    < MD5 for: SERVICES.EXE  >
    [2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
    [2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
    [2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
     
    < MD5 for: SVCHOST.EXE  >
    [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
    [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
    [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2014/11/21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
     
    < MD5 for: USER32.DLL  >
    [2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    [2010/11/20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll
    [2010/11/20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
    [2010/11/20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
     
    < MD5 for: USERINIT.EXE  >
    [2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
    [2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
    [2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
     
    < MD5 for: WINLOGON.EXE  >
    [2014/07/16 03:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
    [2014/07/17 02:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
    [2014/07/17 02:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
    [2014/11/21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
    [2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
    [2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
    [2014/03/04 10:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
    [2014/03/04 11:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
     
    < MD5 for: WINRNR.DLL  >
    [2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
    [2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
     
    < MD5 for: WSHELPER.DLL  >
    [2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
    [2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll
     
    < C:\Windows\assembly\tmp\U\*.* /s >
     
    < %systemroot%\*. /mp /s >
     
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2015/01/23 12:41:56 | 000,922,160 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2015/01/23 12:41:56 | 000,922,160 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2015/01/23 12:41:56 | 000,922,160 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2015/01/23 11:37:02 | 000,338,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2015/01/23 11:37:02 | 000,338,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2015/01/23 11:37:02 | 000,338,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FlashPeak SlimBrowser\InstallInfo\\ReinstallCommand: "C:\Program Files\SlimBrowser\sbframe.exe" -sd
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FlashPeak SlimBrowser\Shell\Open\Command\\: C:\Program Files\SlimBrowser\sbframe.exe
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2015/02/04 10:02:55 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2015/02/04 10:02:55 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2015/02/04 10:02:55 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2015/02/04 10:02:55 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2014/11/22 02:23:06 | 000,684,544 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2014/11/22 02:23:06 | 000,684,544 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2014/11/22 02:23:06 | 000,684,544 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/11/27 02:10:46 | 000,815,280 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2014/11/27 02:10:46 | 000,815,280 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\OperaStable\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Launcher.exe" --showicons [2015/02/02 10:23:41 | 000,487,544 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\OperaStable\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Launcher.exe" --hideicons [2015/02/02 10:23:41 | 000,487,544 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\OperaStable\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Launcher.exe" --makedefaultbrowser [2015/02/02 10:23:41 | 000,487,544 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\OperaStable\shell\open\command\\: "C:\Program Files\Opera\Launcher.exe" [2015/02/02 10:23:41 | 000,487,544 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Pale Moon\uninstall\helper.exe" /HideShortcuts [2014/06/08 15:33:10 | 000,852,672 | ---- | M] (Moonchild Productions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Pale Moon\uninstall\helper.exe" /ShowShortcuts [2014/06/08 15:33:10 | 000,852,672 | ---- | M] (Moonchild Productions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Pale Moon\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/06/08 15:33:10 | 000,852,672 | ---- | M] (Moonchild Productions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\shell\open\command\\: "C:\Program Files\Pale Moon\palemoon.exe" [2014/06/08 15:28:54 | 000,265,848 | ---- | M] (Moonchild Productions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\shell\properties\command\\: "C:\Program Files\Pale Moon\palemoon.exe" -preferences [2014/06/08 15:28:54 | 000,265,848 | ---- | M] (Moonchild Productions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\shell\safemode\command\\: "C:\Program Files\Pale Moon\palemoon.exe" -safe-mode [2014/06/08 15:28:54 | 000,265,848 | ---- | M] (Moonchild Productions)
     
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2015/01/23 12:41:56 | 000,922,160 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2015/01/23 12:41:56 | 000,922,160 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2015/01/23 12:41:56 | 000,922,160 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2015/01/23 11:37:02 | 000,338,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2015/01/23 11:37:02 | 000,338,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2015/01/23 11:37:02 | 000,338,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FlashPeak SlimBrowser\InstallInfo\\ReinstallCommand: "C:\Program Files\SlimBrowser\sbframe.exe" -sd
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FlashPeak SlimBrowser\Shell\Open\Command\\: C:\Program Files\SlimBrowser\sbframe.exe
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2015/02/04 10:02:55 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2015/02/04 10:02:55 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2015/02/04 10:02:55 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2015/02/04 10:02:55 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2014/11/22 02:23:06 | 000,684,544 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2014/11/22 02:23:06 | 000,684,544 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2014/11/22 02:23:06 | 000,684,544 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/11/27 02:10:46 | 000,815,280 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2014/11/27 02:10:46 | 000,815,280 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\OperaStable\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Launcher.exe" --showicons [2015/02/02 10:23:41 | 000,487,544 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\OperaStable\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Launcher.exe" --hideicons [2015/02/02 10:23:41 | 000,487,544 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\OperaStable\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Launcher.exe" --makedefaultbrowser [2015/02/02 10:23:41 | 000,487,544 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\OperaStable\shell\open\command\\: "C:\Program Files\Opera\Launcher.exe" [2015/02/02 10:23:41 | 000,487,544 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Pale Moon\uninstall\helper.exe" /HideShortcuts [2014/06/08 15:33:10 | 000,852,672 | ---- | M] (Moonchild Productions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Pale Moon\uninstall\helper.exe" /ShowShortcuts [2014/06/08 15:33:10 | 000,852,672 | ---- | M] (Moonchild Productions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Pale Moon\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/06/08 15:33:10 | 000,852,672 | ---- | M] (Moonchild Productions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\shell\open\command\\: "C:\Program Files\Pale Moon\palemoon.exe" [2014/06/08 15:28:54 | 000,265,848 | ---- | M] (Moonchild Productions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\shell\properties\command\\: "C:\Program Files\Pale Moon\palemoon.exe" -preferences [2014/06/08 15:28:54 | 000,265,848 | ---- | M] (Moonchild Productions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\PALEMOON.EXE\shell\safemode\command\\: "C:\Program Files\Pale Moon\palemoon.exe" -safe-mode [2014/06/08 15:28:54 | 000,265,848 | ---- | M] (Moonchild Productions)
     
    < %systemroot%\system32\*.dll /lockedfiles >
    [2010/06/17 09:00:16 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
    [2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %ProgramFiles%\WINDOWS NT\*.* /s >
    [2010/11/20 04:17:58 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
    [2009/07/14 02:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\WordpadFilter.dll
    [2009/07/13 17:38:48 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\de-DE\wordpad.exe.mui
    [2009/07/14 03:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
    [2009/07/14 03:59:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\zh-CN\wordpad.exe.mui
    [2009/07/14 02:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
    [2009/06/10 22:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
    [2009/06/10 22:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
    [2009/06/10 22:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
    [2009/06/10 22:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
    [2009/06/10 22:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
    [2009/06/10 22:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
    [2009/06/10 22:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
    [2009/07/13 17:43:52 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\de-DE\TableTextService.dll.mui
    [2009/07/14 03:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
    [2009/07/14 03:49:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\zh-CN\TableTextService.dll.mui
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 83 bytes -> C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3:com.dropbox.attributes
    @Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
    @Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

    < End of report >


    • 0

    #8
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    Extras.Txt:

    OTL Extras logfile created on: 10/02/2015 14:21:00 - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
     Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17501)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
     
    3.50 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 45.23% Memory free
    6.99 Gb Paging File | 4.89 Gb Available in Paging File | 69.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 224.73 Gb Total Space | 124.45 Gb Free Space | 55.38% Space Free | Partition Type: NTFS
    Drive D: | 628.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 73.36 Gb Total Space | 58.15 Gb Free Space | 79.27% Space Free | Partition Type: NTFS
     
    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (All) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
    .html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
    .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .scr [@ = AutoCADScriptFile] -- C:\Windows\System32\notepad.exe (Microsoft Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
    https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- "C:\Program Files\File Type Advisor\fileadvisor.exe" /info "%1" (File Type Advisor)
    Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" (FastStone Soft)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07C61C74-A542-4779-BC66-7FB0F231AF37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0B4B0592-6934-4AEC-BBAD-BC533A78180C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{14FC3CCA-2508-4EDA-9DD9-1504DDA7FAC7}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{150524EE-B715-4EF9-A34A-2FA27657BA9D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{1F8F43D0-AE21-4D2F-B4D4-14F65ABC6E45}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{22B7523C-FD11-4418-908B-BC572CE32896}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{285F2784-11EE-4B35-8E2B-77EA530ECDAB}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
    "{3067868C-D9D7-45CC-AA17-2BD96E0CF25E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{31EDE56D-583D-48B1-A9EE-B734482221E0}" = lport=445 | protocol=6 | dir=in | app=system |
    "{3B783F1C-A98D-4FB2-A0DE-ADD52F24F746}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4105292E-4B5D-4092-86F9-DD54781FFF52}" = lport=137 | protocol=17 | dir=in | app=system |
    "{48B9CF93-2BA6-42E7-9995-7A713F16172F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4B34FFC2-5374-4B9A-BF60-6864E6B61C16}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5076F006-4872-4CD9-A914-FA050DC44134}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{54600A98-5BC1-4D00-A024-F4775DDA56B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{59817A93-6301-49F2-BF12-D32F0F714542}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{5B428C76-0303-45DC-A725-5E9F2BD19E83}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{5D244E71-D03F-4034-BC6D-EDA193BB22A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{62E4E5F3-DDAF-4064-BDCD-2E241709154F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6441F7F4-6196-4E48-8C47-1BDFEE969D87}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{66B01EF1-B166-4761-B8EA-DED0315176BC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{688686CC-6C7C-4D0F-9892-500DFA3E247F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{7EF2A3F3-2ED6-4D63-9631-748CB36EC11A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8C460082-BC73-4192-B02F-CC3C031ADBA3}" = lport=139 | protocol=6 | dir=in | app=system |
    "{90A11075-C639-4E31-867A-C26531F53050}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9D6F358B-BFCD-491E-94D5-6D1359FAA6B5}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A08F19AC-829D-4F07-996B-0E8286052BE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A2C007FB-235F-4343-B070-8C95158E295D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A59A606A-719E-4118-A706-1DF7B77583D2}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A97AB8C1-2756-4920-9558-11A15EBC19DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{A9F44E4D-28B9-47A8-9DDE-C7519F917A6D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{CA235FB1-E3CE-4757-A992-10AE88140288}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{CDEC3CEA-8A47-402E-8C34-65E3499663DB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{CFB9F7D3-BB27-48CB-AC4A-4A00C20D54D6}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F9601372-8481-45E8-895C-3079D6CCBC13}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{FB714D14-4E96-4994-8C69-0ED64C9E29C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01EF9A58-D277-4330-9B3A-90885372813E}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{02B380E4-F814-4A24-9503-38B772DC0593}" = protocol=17 | dir=in | app=c:\program files\moborobo\moborobo pc suite.exe |
    "{0321E137-142E-4547-825E-4EEC5B3D0721}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
    "{05211AF6-3958-40A4-BC52-260A9B1E964D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{06146950-7F7A-454C-A8B5-7B88D2221210}" = protocol=6 | dir=in | app=c:\program files\moborobo\moborobo pc suite.exe |
    "{0B524571-D124-40AB-AC0A-DF6D71025544}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{10689B4E-61F2-4AA7-BA38-649FF4ADA61D}" = protocol=6 | dir=in | app=g:\elsword\data\x2.exe |
    "{114B8D0B-4D9E-4785-9F42-32668C2B0312}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{20BD4472-F4D3-4AAC-9FF9-2C55A5689885}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{28DBA760-E0FA-4716-9B88-22C8753DF9DF}" = protocol=17 | dir=in | app=g:\elsword\data\x2.exe |
    "{2A1702E6-2306-4C53-8EF1-8CE2578857CB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{2C001D39-F521-4AD6-95EE-762828C2EB44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2FE96B01-3F9E-49F8-AC71-02288C60EEFA}" = protocol=17 | dir=in | app=c:\program files\pale moon\palemoon.exe |
    "{3FE7FFA0-92E5-42EB-8906-23871A27F32D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4021AB22-E7B9-42E8-AF8C-F3CBE237B935}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{468A5075-75DF-4FF5-A5D1-0EC56A34049C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{4C7A5628-18B4-4B68-B28E-C8812990CE3F}" = dir=out | app=c:\users\user\appdata\local\temp\nsue83e.tmp\cnetinstaller-10316201.exe |
    "{5CDC8FCB-9341-4F7F-AEB5-B73948B2D256}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{610C71EA-802F-4F8F-92A8-3BB952648D79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{6531AD0D-6328-4847-890D-F5F24E4E6D42}" = protocol=1 | dir=in | [email protected],-28543 |
    "{65EEE7D9-C8D7-496B-B305-158BCDEC719B}" = protocol=1 | dir=out | [email protected],-28544 |
    "{67C58965-6DA9-44CB-BB5B-3D2B20C92DA5}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{6F41012A-7B63-4AE8-AD55-B85564E6839A}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
    "{703B0FFB-AF39-47CF-8587-FF77C7F48AEE}" = dir=out | app=c:\users\user\appdata\local\temp\nsw8b60.tmp\cnetinstaller-187723.exe |
    "{73081F42-C6FF-4A18-B933-A8D5877E60DC}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{735113FE-06D8-44E3-AB60-8B11C5F0B984}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{762CEA92-7A9D-4C44-ACB0-96B681E8253A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{82E4872F-D2C5-423C-ACDD-5705EB68B6DC}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
    "{8BA38A55-F411-46DF-B4FD-CAFCCECDADFB}" = dir=out | app=c:\users\user\appdata\local\temp\nsec0d0.tmp\cnetinstaller-10316201.exe |
    "{8DD9E897-6518-4353-8845-52B0CD00094F}" = protocol=58 | dir=in | [email protected],-28545 |
    "{91D3638E-2C1A-49B4-965F-14D1AD98BC17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{92A17350-2013-40FA-9096-08B8AB0EAA11}" = dir=in | app=c:\users\user\appdata\local\temp\nsw8b60.tmp\cnetinstaller-187723.exe |
    "{92CE2633-DC11-4F4D-B801-C37BB35CE06A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{95F484B0-209C-44D5-874C-FE1735A539E5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{97CF0871-2934-43E2-B191-59DC4ED8CC96}" = protocol=6 | dir=out | app=system |
    "{9A66E35E-514B-4987-89C7-802CA440A5F2}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
    "{A28332EE-1BDB-4F9D-98DA-1DDF68CD88AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A421A3F3-880B-4133-A4E1-2457C2D79418}" = dir=in | app=c:\users\user\appdata\local\temp\nsec0d0.tmp\cnetinstaller-10316201.exe |
    "{A7180D2F-05FE-405C-89AB-8D3B00244E88}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AB4A0AFB-95CA-49DC-9593-1E361CBC3C35}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
    "{BA5A5963-1BE4-4F6D-B18B-CB33B984C070}" = dir=in | app=c:\users\user\appdata\local\temp\nsue83e.tmp\cnetinstaller-10316201.exe |
    "{BC78AEBE-C92A-4C07-B100-05CBA6E2F4B2}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
    "{C14E6B92-B505-4BB7-B3B5-1DE6F8C5D7A0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{C3ADB1D9-1EC6-49C2-A9F7-345023EB15D6}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
    "{C7E6D737-0919-4D73-B5B9-C6E2BFEC5FE9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{C9634DAB-4C85-49CF-B19F-19BAA7C42C58}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CDCB4A86-02B3-4759-8287-DA98D9A41119}" = protocol=6 | dir=in | app=c:\program files\pale moon\palemoon.exe |
    "{CFD7B10D-AC70-41D6-8615-207949037D9A}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
    "{D21B03F5-D055-419C-BFB5-C8B23A536CAE}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
    "{D414B189-BF28-4F72-9FBF-F984BE3ED8F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D70DBF8E-52EB-408C-B8A9-FE5760D8B158}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
    "{D978F408-280A-4EA8-A135-D4D19035A6DE}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
    "{E631CCA6-8D77-4915-8536-23C2997466A2}" = protocol=58 | dir=out | [email protected],-28546 |
    "{F14CCCD1-4B51-4570-950A-50D09A48DE9A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F16C170E-9F3B-4AA7-B963-11CE82E133CB}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{FBADECE6-B30E-4224-8D25-2EE61A21A99A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FBB383DE-C765-4E38-A6D7-64AA57C47639}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{FD57BCC1-C3FA-419F-AA07-5B0FEFED3115}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{2289277F-0AE4-4596-9A42-400710F53A71}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{26137B51-4629-4D4A-B186-6DD3BB5D36FF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{2FCB800B-7EE7-418A-9DA7-A2DD8CAA1397}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{39A2EF80-133F-42A3-A82F-8D4BFDC8672F}G:\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=g:\neverwinter_en\neverwinter\live\gameclient.exe |
    "TCP Query User{8AB39849-D72F-4033-97A5-41D02D428C33}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
    "TCP Query User{A94D96D8-C489-47F4-88AC-830D4BF8831E}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{B55AE4A2-573D-4500-BC32-60714AD245CE}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{D1AF1CA2-0554-48C1-B53D-2BCCB516887C}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{E7E8F237-3A85-4150-BB37-0AC7C870E444}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "TCP Query User{EBE7CDD6-43F7-4178-A42B-A26ED480F2D7}G:\star trek online_en\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=g:\star trek online_en\star trek online\live\gameclient.exe |
    "UDP Query User{0DEDD1F4-F5A1-49B9-A478-3888C6B69AA4}G:\star trek online_en\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=g:\star trek online_en\star trek online\live\gameclient.exe |
    "UDP Query User{16EEFC3B-618C-4344-8C7D-91DA55962361}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{19F1B7C4-5097-4323-8E66-38F8C0B283B9}G:\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=g:\neverwinter_en\neverwinter\live\gameclient.exe |
    "UDP Query User{4FD12FC9-358E-44F4-AB96-AC4C373A26B7}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{554F0595-F26A-47A5-805F-8F158EBC9D8A}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{6313C556-7AC4-427F-BA61-FB81A2876D88}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{AF993CAC-8420-4820-82BA-D874CF0B858A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{B4986CC4-63CB-4A9A-B430-A07BF9610DAE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{BC34D886-A83A-4E06-A550-F0B905FEC43B}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{C5CE3F1D-4DA1-4883-AEA4-CB36CA2068B6}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}" = AVG 2013
    "{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation
    "{0680FE0B-DEBA-419F-A0AC-8D990F32DE60}" = AVG 2013
    "{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai
    "{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish
    "{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{121A3F18-E386-B7EF-CEEB-32864884E594}" = AMD Catalyst Install Manager
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}" = paint.net
    "{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21BB2D6D-8ED8-47DC-8146-48104DDE3262}" = Super Granny 4
    "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.0
    "{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
    "{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German
    "{2B6B4042-E323-1582-E3FD-DF973C3E5891}" = Catalyst Control Center InstallProxy
    "{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1" = 7 Sticky Notes
    "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    "{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
    "{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing
    "{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
    "{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
    "{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{523DF39E-DF7D-488F-8022-783946571033}" = Nero 8 Essentials
    "{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{582876EC-A178-44D4-9823-C10D6C62EAFF}" = AGEIA PhysX v2.6.0
    "{5C6C0192-BA75-4932-8931-B2FF88346E49}" = Stay On Top
    "{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New
    "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian
    "{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{783E0AD7-C128-4398-9F74-99D3EFF2875D}" = Deep Space Nine  The Fallen
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B937101-FD85-4CA9-9176-ADA6492314AF}" = ArcSoft WebCam Companion 3
    "{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
    "{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{96D12EC9-720B-45FB-904C-36D6307A1C76}" = HP Support Solutions Framework
    "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish
    "{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
    "{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
    "{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
    "{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
    "{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver 5.2066.1.8B02
    "{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
    "{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
    "{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
    "{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}" = SolidPDFCreator
    "{E4E3B633-D985-8CCA-80C4-5283F99E17F1}" = ccc-utility
    "{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
    "{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
    "{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
    "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1" = PixBuilder Studio 2.2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
    "Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
    "Adobe Flash Player PPAPI" = Adobe Flash Player 16 PPAPI
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.1
    "AI RoboForm" = RoboForm 7-9-11-5 (All Users)
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "dips64" = Desktop Icon Position Saver (64-bit)
    "DivX Setup" = DivX Setup
    "ESET Online Scanner" = ESET Online Scanner v3
    "FastStone Image Viewer" = FastStone Image Viewer 5.3
    "File Type Advisor_is1" = File Type Advisor 1.3
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 8.4
    "Free YouTube to MP3 Converter Studio_is1" = Free YouTube to MP3 Converter Studio 8.2
    "GIMP-2_is1" = GIMP 2.8.14
    "Google Chrome" = Google Chrome
    "HotspotShield" = Hotspot Shield 3.42
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "KeyScrambler" = KeyScrambler
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
    "ManyCam" = ManyCam 3.0.91 (remove only)
    "McAfee Security Scan" = McAfee Security Scan Plus
    "MostFun.com Games - Super Granny 4" = MostFun.com Games - Super Granny 4 (remove only)
    "Mozilla Firefox 35.0.1 (x86 en-GB)" = Mozilla Firefox 35.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Opera 23.0.1522.60" = Opera Stable 23.0.1522.60
    "Opera 27.0.1689.66" = Opera Stable 27.0.1689.66
    "Pale Moon 24.6.1 (x86 en-US)" = Pale Moon 24.6.1 (x86 en-US)
    "PhotoScape" = PhotoScape
    "QuicktimeAlt_is1" = QuickTime Alternative 2.9.2
    "Ravensburger tiptoi" = Ravensburger tiptoi
    "Screen Highlighter_is1" = Screen Highlighter 1.0
    "Secunia PSI" = Secunia PSI (3.0.0.9015)
    "Smart Defrag 2_is1" = Smart Defrag 2
    "SpywareBlaster_is1" = SpywareBlaster 5.0
    "Sublime Text 3_is1" = Sublime Text Build 3059
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Software Update" = Yahoo! Software Update
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Amazon Amazon Music" = Amazon Music
    "Amazon Kindle" = Amazon Kindle
    "Dropbox" = Dropbox
    "Five Nights at Freddy's DEMO" = Five Nights at Freddy's DEMO
    "HappyCloud" = Happy Cloud Client
    "MyFreeCodec" = MyFreeCodec
    "MyPaint" = MyPaint 1.0.0
    "Screencast-O-Matic" = Screencast-O-Matic
    "Spotify" = Spotify
    "UnityWebPlayer" = Unity Web Player
     
    < End of report >

     

     

    Thanks, Ron.


    • 0

    #9
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    Have you ever used a program called Folder Lock?

     

    Did you install VS10RuntimeWin32 (Version: 1.0.0 - immunet)?

     

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    You have several drivers that I do not trust.  Let's use Autoruns to temporarily turn them off in case they do something important.
     
    Get autoruns from
     
    Download Save and Run the program by right clicking and Run As Admin.   Under the Drivers tab (or maybe under Services) find:
     
    apf003; C:\Windows\system32\apf003.sys 
     
    windrvNT; C:\Windows\system32\windrvNT.sys
     
    BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS
     
    and uncheck each.  Then close Autoruns.
     
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    1. Click the Super-r (aka Windows-R) key combination to open the run dialog.
    2. Type msconfig.exe.
    3. Click either OK or the Enter key to run the command.

    Once the msconfig tool is opened, click the Boot tab check the box for Boot Log, and click OK.

     
    Reboot. 
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    1. Click the Super-r (aka Windows-R) key combination to open the run dialog.  Type:
    notepad  \windows\ntbtlog.txt

    and hit Enter.  Notepad should open.  Copy the text from notepad and paste it into a reply.

     

     

     

    Let me know if anything stopped working.

     

     


    • 0

    #10
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    I might have used Folder Lock before but it's some time ago so I'm not sure.
    Can't remember ever installing VS10Runtimewin32, this computer is second hand tho and the programme might have been on it when I purchased the computer.
     
    FRST log:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-02-2015
    Ran by User at 2015-02-10 16:57:40 Run:1
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available profiles: User)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.2741 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    Super Granny 4 (Version: 3.4.16.27 - Sandlot) Hidden
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
    VS10RuntimeWin32 (Version: 1.0.0 - immunet) Hidden
    Task: {04E861FD-AE2D-4536-972A-9CBC5D1A46B5} - System32\Tasks\{2D4D8F4B-6DBF-4385-BF15-55BDF20671E3} => D:\Setup.exe [2000-10-05] (InstallShield Software Corporation)
    Task: {377645D7-BADA-4E0E-AD5B-C7D00FEE7171} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {3A6520B3-0426-44D3-B409-796B928DAB32} - System32\Tasks\{EF9E28E4-BEED-4229-8760-020756DA18C3} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    Task: {4025D84B-DA4C-44AE-923E-7CC6A0CD655E} - System32\Tasks\{93F49872-654E-438E-9457-172EA0309781} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    Task: {447799E1-DB8F-4DAE-80B8-A9EC0F829F5B} - System32\Tasks\{14E304B4-6289-4E60-9E9F-7CAEA78D6EEF} => pcalua.exe -a "C:\Users\User\Downloads\framxprozip\Install FreeRAM XP Pro 1.52.exe" -d C:\Users\User\Downloads\framxprozip
    Task: {4AF5B2D6-BCA4-42DD-AE6E-B02B2716B405} - System32\Tasks\{6B61C2C6-83AC-410A-8D14-9DC18276731C} => pcalua.exe -a "C:\Program Files\IObit\Advanced SystemCare 4\temp\vcredist.exe" -d "C:\Program Files\IObit\Advanced SystemCare 4" -c /quiet /norestart
    Task: {6435EE6F-CDC5-4CD0-A969-A9BB3C9BE48F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Handler: linkscanner - No CLSID Value -
    FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    FF HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    CHR HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Chrome\Extension: [ekekpckhcfhhaagbmdeimlipagihocje] - C:\Users\User\AppData\Local\CRE\ekekpckhcfhhaagbmdeimlipagihocje.crx [Not Found]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    S2 adfs; No ImagePath
    S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
    S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
    S3 pmem; \??\C:\Users\User\AppData\Local\Temp\_MEI20402\drivers\winpmem32.sys [X]
    S3 RimUsb; System32\Drivers\RimUsb.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
    S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
    S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]




    *****************

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}\\SystemComponent => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}\\SystemComponent => Value not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}\\SystemComponent => Value not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}\\SystemComponent => Value not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => Value not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21BB2D6D-8ED8-47DC-8146-48104DDE3262}\\SystemComponent => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\\SystemComponent => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}\\SystemComponent => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{933B4015-4618-4716-A828-5289FC03165F}\\SystemComponent => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3921A67A-5AB1-4E48-9444-C71814CF3027}\\SystemComponent => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}\\SystemComponent => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04E861FD-AE2D-4536-972A-9CBC5D1A46B5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E861FD-AE2D-4536-972A-9CBC5D1A46B5}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{2D4D8F4B-6DBF-4385-BF15-55BDF20671E3} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D4D8F4B-6DBF-4385-BF15-55BDF20671E3}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{377645D7-BADA-4E0E-AD5B-C7D00FEE7171}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{377645D7-BADA-4E0E-AD5B-C7D00FEE7171}" => Key deleted successfully.
    C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A6520B3-0426-44D3-B409-796B928DAB32}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A6520B3-0426-44D3-B409-796B928DAB32}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{EF9E28E4-BEED-4229-8760-020756DA18C3} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EF9E28E4-BEED-4229-8760-020756DA18C3}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4025D84B-DA4C-44AE-923E-7CC6A0CD655E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4025D84B-DA4C-44AE-923E-7CC6A0CD655E}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{93F49872-654E-438E-9457-172EA0309781} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93F49872-654E-438E-9457-172EA0309781}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{447799E1-DB8F-4DAE-80B8-A9EC0F829F5B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{447799E1-DB8F-4DAE-80B8-A9EC0F829F5B}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{14E304B4-6289-4E60-9E9F-7CAEA78D6EEF} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{14E304B4-6289-4E60-9E9F-7CAEA78D6EEF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AF5B2D6-BCA4-42DD-AE6E-B02B2716B405}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AF5B2D6-BCA4-42DD-AE6E-B02B2716B405}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{6B61C2C6-83AC-410A-8D14-9DC18276731C} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B61C2C6-83AC-410A-8D14-9DC18276731C}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6435EE6F-CDC5-4CD0-A969-A9BB3C9BE48F}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6435EE6F-CDC5-4CD0-A969-A9BB3C9BE48F}" => Key deleted successfully.
    C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core" => Key deleted successfully.
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.
    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
    "HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
    "HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
    "HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => Key deleted successfully.
    C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value deleted successfully.
    "HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Google\Chrome\Extensions\ekekpckhcfhhaagbmdeimlipagihocje" => Key deleted successfully.
    McComponentHostService => Service deleted successfully.
    adfs => Service deleted successfully.
    catchme => Service deleted successfully.
    EagleXNt => Service deleted successfully.
    pmem => Service deleted successfully.
    RimUsb => Service deleted successfully.
    Synth3dVsc => Service deleted successfully.
    tsusbhub => Service deleted successfully.
    VGPU => Service deleted successfully.
    WinRing0_1_2_0 => Service deleted successfully.
    XDva405 => Service deleted successfully.
    XDva409 => Service deleted successfully.

    ==== End of Fixlog 16:57:42 ====


    • 0

    Advertisements


    #11
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    FRST addition:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2015
    Ran by User at 2015-02-10 17:06:43
    Running from C:\Users\User\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7 Sticky Notes (HKLM\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
    AGEIA PhysX v2.6.0 (HKLM\...\{582876EC-A178-44D4-9823-C10D6C62EAFF}) (Version: 2.6.0.4 - AGEIA Technologies, Inc.)
    Akamai NetSession Interface (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
    Amazon Kindle (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Kindle) (Version:  - Amazon)
    Amazon Music (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
    AMD Catalyst Install Manager (HKLM\...\{121A3F18-E386-B7EF-CEEB-32864884E594}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft WebCam Companion 3 (HKLM\...\{7B937101-FD85-4CA9-9176-ADA6492314AF}) (Version: 3.0.0.117 - ArcSoft)
    avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
    AVG 2013 (HKLM\...\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}) (Version: 13.0.2741 - AVG Technologies)
    AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
    AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    ccc-core-static (Version: 2010.0617.855.14122 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
    Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Deep Space Nine  The Fallen (HKLM\...\{783E0AD7-C128-4398-9F74-99D3EFF2875D}) (Version:  - )
    Desktop Icon Position Saver (64-bit) (HKLM\...\dips64) (Version:  - )
    DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
    Dropbox (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
    Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
    FastStone Image Viewer 5.3 (HKLM\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
    File Type Advisor 1.3 (HKLM\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
    Five Nights at Freddy's DEMO (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Five Nights at Freddy's DEMO) (Version:  - )
    Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
    Free YouTube to MP3 Converter Studio 8.2 (HKLM\...\Free YouTube to MP3 Converter Studio_is1) (Version:  - ManiacTools.com)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.26.9 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Happy Cloud Client (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\HappyCloud) (Version: 3.72 - Happy Cloud, Inc.)
    Hotspot Shield 3.42 (HKLM\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
    HP Support Solutions Framework (HKLM\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
    iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
    K-Lite Mega Codec Pack 5.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    ManyCam 3.0.91 (remove only) (HKLM\...\ManyCam) (Version: 3.0.91 - ManyCam LLC)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    MostFun.com Games - Super Granny 4 (remove only) (HKLM\...\MostFun.com Games - Super Granny 4) (Version: 3.4.16.27 - )
    Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MyFreeCodec (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\MyFreeCodec) (Version:  - )
    MyPaint 1.0.0 (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\MyPaint) (Version: 1.0.0 - Martin Renold & MyPaint Development Team)
    Nero 8 Essentials (HKLM\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
    Notepad++ (HKLM\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
    Opera Stable 22.0.1471.50 (HKU\.DEFAULT\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
    Opera Stable 23.0.1522.60 (HKLM\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
    Opera Stable 27.0.1689.66 (HKLM\...\Opera 27.0.1689.66) (Version: 27.0.1689.66 - Opera Software ASA)
    paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
    Pale Moon 24.6.1 (x86 en-US) (HKLM\...\Pale Moon 24.6.1 (x86 en-US)) (Version: 24.6.1 - Moonchild Productions)
    PhotoScape (HKLM\...\PhotoScape) (Version:  - )
    PixBuilder Studio 2.2.0 (HKLM\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version:  - WnSoft)
    Qualcomm Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    QuickTime Alternative 2.9.2 (HKLM\...\QuicktimeAlt_is1) (Version: 2.9.2 - )
    Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
    RoboForm 7-9-11-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
    Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
    Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
    Screen Highlighter 1.0 (HKLM\...\Screen Highlighter_is1) (Version:  - Harmony Hollow Software)
    Screencast-O-Matic (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
    Secunia PSI (3.0.0.9015) (HKLM\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
    Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.8 - IObit)
    SolidPDFCreator (HKLM\...\{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}) (Version: 7.1.879.0 - SolidDocuments)
    SPEEDLINK Strike 2 Gamepad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
    Spotify (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    Stay On Top (HKLM\...\{5C6C0192-BA75-4932-8931-B2FF88346E49}) (Version: 1.0.0 - J. Eric Vaughan)
    Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
    Super Granny 4 (HKLM\...\{21BB2D6D-8ED8-47DC-8146-48104DDE3262}) (Version: 3.4.16.27 - Sandlot)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1012 - SUPERAntiSpyware.com)
    swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    Unity Web Player (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
    VBA (2627.01) (HKLM\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation)
    VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc)
    VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG)
    VS10RuntimeWin32 (HKLM\...\{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}) (Version: 1.0.0 - immunet)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
    ZTE Handset USB Driver 5.2066.1.8B02 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.8B02 - ZTE Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

    ==================== Restore Points  =========================

    08-02-2015 19:00:08 Windows Backup
    09-02-2015 02:18:18 Installed HP Support Solutions Framework
    10-02-2015 13:36:14 Windows Update
    10-02-2015 14:24:09 OTL Restore Point - 10/02/2015 14:24:07

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:04 - 2014-01-31 13:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02345B74-772A-44F8-A563-F33F7F68A837} - System32\Tasks\{FBC71A6A-8D24-4264-8D8B-660359524319} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {041FCAE9-E352-431F-AD25-C26D4623EB5F} - System32\Tasks\{1F529A44-4E7F-4EEB-9387-B009EA33FE4D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
    Task: {07F84AF2-E58C-4301-8826-B096055D02D9} - System32\Tasks\{B89786A5-2A46-4517-B0E7-508247CF0832} => pcalua.exe -a C:\Users\User\Downloads\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Downloads
    Task: {0DCD5759-D02C-4EB7-BC32-41D7D06D35EA} - System32\Tasks\{C0CCC3A8-5FC2-4086-A869-3E21F7C524E9} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {1C8D0C93-7DAB-4682-8789-8366FB00127C} - System32\Tasks\{A0E4CF2F-63B1-4231-85A6-214419F70C0E} => pcalua.exe -a C:\Users\User\Desktop\StayOnTopSetup\setup.exe -d C:\Users\User\Desktop\StayOnTopSetup
    Task: {1CB5B6C4-90E4-45C9-9496-17458C2181AD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {1ECD887F-0104-4DD7-A710-9C5395C6A951} - System32\Tasks\{4EEFC9EF-F5CB-4779-ACE9-E6E142F3A2A7} => pcalua.exe -a C:\Users\User\Downloads\StickMen2.exe -d C:\Users\User\Downloads
    Task: {1FFB5CAB-D0C8-4971-A6C6-52243A608C52} - System32\Tasks\{B0A60467-7396-4B3F-9092-61133D6E365D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
    Task: {29A3B4DA-2552-4B1B-AC98-0DAA160CD171} - System32\Tasks\{E06706D7-83A8-4D3F-A875-DC73898C373C} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {342242AF-68DC-48E8-BAD2-FCF35B2790C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {45530A69-1F35-4D06-B41F-94B1594EDF7E} - System32\Tasks\{9A8EB359-4F7E-4308-9493-BB15F09E0C58} => C:\Program Files\MostFun\HeroesofHellas\game.exe
    Task: {45EF2C7E-71D1-4ED0-A13A-1BF2A768DBCB} - System32\Tasks\{DC4EA453-4ECE-4831-96CD-7EE3A2282ADC} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {5279F69B-9D40-4913-9505-511F29BFC7A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {528AC02D-D334-4AB8-BD2B-78F8F839DA58} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2013-08-19] (File Type Advisor)
    Task: {67349CB0-9F9D-4F4D-AC84-0B4FBDCE1198} - System32\Tasks\{7B007186-814F-435A-A7CD-69CD63A1639D} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {6B075062-6B5A-4E41-A30C-F0042246B8F0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
    Task: {6B0E942B-0495-4EF7-AEDD-9569A16DA9FB} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
    Task: {6CC9CD40-24B3-437D-A95F-AA42A7ED2179} - System32\Tasks\{4F269D7E-F484-4872-B125-69A22B1D578E} => D:\dx7ager.exe [2000-12-04] (Microsoft Corporation)
    Task: {74458643-781C-4690-A8D0-792BAAAB7F6F} - System32\Tasks\FileAdvisorCheck => C:\Program Files\File Type Advisor\file-type-advisor.exe [2013-08-19] (filetypeadvisor.com                                         )
    Task: {7EB660CE-8E8C-4552-9102-38BF0F931FB6} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    Task: {7FE76F22-AFA4-4FA4-8DAC-DF486E0A0A7C} - System32\Tasks\{8D186181-64A7-4DE8-BF9E-56CE8C036859} => pcalua.exe -a C:\Users\User\Downloads\MostFun-TriJinx.exe -d C:\Users\User\Downloads
    Task: {84C33C9B-2486-4F46-A898-F1A14640A101} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {8684D3B5-3133-4FC4-9DA0-BDD6DC8C6D65} - System32\Tasks\{6B96F45F-3BA0-4757-B275-DF5FD615EF3E} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
    Task: {86908A13-EF76-44A2-9128-6CB4E28B1C03} - System32\Tasks\{D8D22849-AEE6-403E-8BF2-E57B7BAECE7E} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
    Task: {8B1D7F29-DEAE-4408-B06A-D4E32ED49061} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {8D439F5F-3404-43D0-946A-B5E3B04868E8} - System32\Tasks\{D5600665-28E8-4C8B-8689-40461E7213A5} => pcalua.exe -a C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe -d C:\Users\User\Desktop\Desktop_Icons
    Task: {8EB924C6-7440-4431-B478-7347952D07C2} - System32\Tasks\{A4285F0B-0CAB-49D5-AE51-D915A239085A} => pcalua.exe -a C:\Users\User\Downloads\MostFun-AliceGreenfingers.exe -d "C:\Program Files\Mozilla Firefox"
    Task: {8ED4C510-AC55-4E81-BAFE-7E14E3057FC3} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {93DA04AE-DC95-41E6-88E1-CC5D550726C6} - System32\Tasks\{963698A4-DBC2-4787-B04A-F72E38679091} => D:\Setup.exe [2000-10-05] (InstallShield Software Corporation)
    Task: {9532703A-89D8-44B9-A93F-57991BCF286E} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
    Task: {9CA3ADEB-1C25-4519-BBCA-2A2562FA1216} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {9E49D608-F3BB-45C4-9E13-96A265C87178} - System32\Tasks\{20E7AAFF-D1D3-44EE-9C61-EC536F1301A4} => pcalua.exe -a C:\Users\User\Downloads\Shockwave_Installer_Slim(2).exe -d "C:\Program Files\Mozilla Firefox"
    Task: {A0EF1356-998E-4904-81C0-8B04180F6F8C} - System32\Tasks\{37CBC58E-1076-4FF5-B7E8-70E8F2C90ACF} => pcalua.exe -a D:\dx7ager.exe -d D:\
    Task: {A0FFA0F9-D5C1-43EB-B9EC-E86857BBCBF8} - System32\Tasks\{F23DC048-0487-44E4-B4BA-8AB1816562FF} => D:\dx7ager.exe [2000-12-04] (Microsoft Corporation)
    Task: {A8069E3F-77A5-4732-BD5F-ABE150C2BD9D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
    Task: {A846F772-2615-4772-9EFC-EEAAFF0E705B} - System32\Tasks\{7609A13F-987A-42CF-ACD7-2B486192D64D} => Chrome.exe http://ui.skype.com/...eligiblebrowser
    Task: {B30EFF16-BF79-4529-B48E-CDD4CEE47AF6} - System32\Tasks\{49BD601D-4EF8-4212-A8CB-721025105856} => C:\Program Files\MostFun\HeroesofHellas\game.exe
    Task: {BB56D7FE-84FE-4430-9291-DE31702A45EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
    Task: {C236B0BA-C3DE-438D-BA39-848CF163193A} - System32\Tasks\Opera scheduled Autoupdate 1392134183 => C:\Program Files\Opera\launcher.exe [2015-02-02] (Opera Software)
    Task: {C2F37DB4-70B3-4512-A59C-D87535D45802} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {C39DC1AB-CEF4-4CA6-8759-5AD31AD313A0} - System32\Tasks\{44697339-8CD4-4D87-AC9E-B1FB6795CEBB} => pcalua.exe -a C:\Users\User\Desktop\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Desktop
    Task: {D2DC7330-6327-44D8-BC2F-7EB0D2699C25} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    Task: {D642B505-8B33-4423-808B-6FC0A013B9DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {D66CDB5C-EE69-418D-9BCE-AA81BA27D69F} - System32\Tasks\{3C9EE13C-A6BE-44EA-90B1-CDB1D5FE6C83} => D:\dx7ager.exe [2000-12-04] (Microsoft Corporation)
    Task: {D8BF779F-02BC-43F1-AFBC-B2FEF2E06E36} - System32\Tasks\Real Player online update program => C:\Program Files\Real\RealPlayer\update\realsched.exe
    Task: {D9A2CB5D-65DA-4E56-92CC-7EA4A64D5E81} - System32\Tasks\{0547064D-DEF4-4974-9118-363654A9FDA8} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {DCE555C0-C6A0-45C3-BAE9-7B8FAA34A6E5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {E1737EB2-A2E7-44F7-AB6D-D8713A98973C} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-21] (Siber Systems)
    Task: {E6131A85-C447-4BC1-BE9C-FAC5157B9457} - System32\Tasks\{64C5F840-75C7-476C-85CE-6FAC09218037} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
    Task: {EA576C5D-754E-45F2-BFAF-EFC358395475} - System32\Tasks\{97A61C17-B5EE-4468-AEF4-97888E1CCB8F} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {EA96CC01-11E3-44A1-B5A6-9112ABA2652C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
    Task: {EDC6164A-1E23-4EDB-A508-1AD325B14F84} - System32\Tasks\{4448998A-9201-4534-B754-A54F4161D074} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {F691F962-614B-4E3E-9D4E-A9309806F902} - System32\Tasks\{0CFBB036-AB2E-4437-820E-C84B27A05FC1} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
    Task: {F7238D14-03C3-4409-894F-EB4AB00D19DC} - System32\Tasks\{708C0D35-1D80-41A6-9694-791D05EF6EC4} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
    Task: {F75141E0-2799-41D1-B0E0-66B9E160BE81} - System32\Tasks\{5DF228DD-88D3-4B83-9E2A-E0C4819A0295} => pcalua.exe -a C:\Users\User\Desktop\dips64-setup.exe -d C:\Users\User\Desktop
    Task: {F8F96CEA-F891-46FA-8E7D-890713D1D97A} - System32\Tasks\{20D88817-FDC1-42D6-982E-15A872542E55} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
    Task: {FAC084F0-4C38-409D-80A1-37C4956E9370} - System32\Tasks\{BFD45D47-291B-4732-B969-BBA93DA76939} => C:\AeriaGames\EdenEternal\aeria_launcher.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-08-01 14:08 - 2014-08-01 14:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2015-02-10 13:30 - 2015-02-10 13:30 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15021000\algo.dll
    2011-11-21 19:59 - 2011-10-03 19:59 - 00027976 _____ () C:\Windows\System32\solidlocalmon.dll
    2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-05-16 23:34 - 2014-05-16 23:34 - 00430344 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
    2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
    2014-08-01 14:08 - 2014-08-01 14:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-10 13:52 - 2015-02-10 13:52 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt9h_v1.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2010-06-10 16:42 - 2010-06-10 16:42 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2015-02-09 21:05 - 2015-02-09 21:05 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2014-05-12 10:49 - 2014-05-12 10:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
    2015-02-06 22:33 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation
    AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation
    AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    AlternateDataStreams: C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3:com.dropbox.attributes
    AlternateDataStreams: C:\Users\User\Downloads\poppy pic.jpg:com.dropbox.attributes

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4165335087-975643669-458432890-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk => C:\Windows\pss\OfficeSAS.lnk.CommonStartup
    MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
    MSCONFIG\startupreg: Amazon Music => "C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe"
    MSCONFIG\startupreg: APSDaemon => c:\program files\common files\apple\apple application support\apsdaemon.exe
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: BCSSync => "c:\program files\microsoft office\office14\bcssync.exe" /delayservices
    MSCONFIG\startupreg: DivXMediaServer => c:\program files\divx\divx media server\divxmediaserver.exe
    MSCONFIG\startupreg: DivXUpdate => "c:\program files\divx\divx update\divxupdate.exe" /checknow
    MSCONFIG\startupreg: FreeRAM XP => "c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe" -win
    MSCONFIG\startupreg: GameXN GO => "c:\programdata\gamexn\gamexngo.exe" /startup
    MSCONFIG\startupreg: KiesPreload => c:\program files\samsung\kies\kies.exe /preload
    MSCONFIG\startupreg: KiesTrayAgent => c:\program files\samsung\kies\kiestrayagent.exe
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    MSCONFIG\startupreg: QuickTime Task => "c:\program files\quicktime alternative\qttask.exe" -atboottime
    MSCONFIG\startupreg: Screen Highlighter => C:\Program Files\Screen Highlighter\shl.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-4165335087-975643669-458432890-500 - Administrator - Disabled)
    Guest (S-1-5-21-4165335087-975643669-458432890-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4165335087-975643669-458432890-1002 - Limited - Enabled)
    User (S-1-5-21-4165335087-975643669-458432890-1000 - Administrator - Enabled) => C:\Users\User

    ==================== Faulty Device Manager Devices =============

    Name: adfs
    Description: adfs
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: adfs
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/10/2015 04:11:34 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (02/10/2015 04:11:34 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\keyscrambler\x64\KeyScrambler.exe


    ==================== Memory info ===========================

    Processor: AMD Athlon™ II P320 Dual-Core Processor
    Percentage of memory in use: 50%
    Total physical RAM: 3578.9 MB
    Available physical RAM: 1755.76 MB
    Total Pagefile: 7156.09 MB
    Available Pagefile: 5161.1 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1899.19 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:224.73 GB) (Free:123.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DS9 The Fallen) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS
    Drive g: () (Fixed) (Total:73.36 GB) (Free:58.08 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4C3F8CFC)
    Partition 1: (Active) - (Size=224.7 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=73.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    • 0

    #12
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    FRST :

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
    Ran by User (administrator) on USER-PC on 10-02-2015 17:05:34
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available profiles: User)
    Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    () C:\Program Files\Hotspot Shield\bin\hsswd.exe
    (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    (Secunia) C:\Program Files\Secunia\PSI\psia.exe
    (Solid Documents, LLC) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Secunia) C:\Program Files\Secunia\PSI\sua.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
    (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
    (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (McAfee, Inc.) C:\FRST\Quarantine\C\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe.xBAD
    (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
    (J. Eric Vaughan) C:\Program Files\Stay On Top\StayOnTop.exe
    (Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
    HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
    HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
    HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [RtkOSD] => C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe [907264 2010-02-05] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-21] (Siber Systems)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stay On Top.lnk
    ShortcutTarget: Stay On Top.lnk -> C:\Windows\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    BootExecute: autocheck autochk * bootdelete

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default
    FF Homepage: https://my.yahoo.com/
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\searchplugins\google-images.xml
    FF Extension: Add to Amazon Wish List Button - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Clear Recent History... + - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-04]
    FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
    FF Extension: Double-click To Reload Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: FireRainbow - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Password Hasher - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-10-12]
    FF Extension: Remove Cookies for Site - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-08-05]
    FF Extension: Lightshot (screenshot tool) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-12-04]
    FF Extension: AddThis - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-01-13]
    FF Extension: New Tab King - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-10-15]
    FF Extension: AmazonOnClick - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-29]
    FF Extension: Duplicate This Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
    FF Extension: Gmail panel - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-23]
    FF Extension: AOL One Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-26]
    FF Extension: Dictionary Extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-04]
    FF Extension: Open in Private Browsing Mode - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-01-31]
    FF Extension: Google™ Translator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\jid1-dgnIBw[email protected] [2014-12-13]
    FF Extension: LanguageToolFx - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Mail Preview - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-06]
    FF Extension: Personas Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: RSS Icon in url bar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-03]
    FF Extension: Simple White - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Simple Timer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Tabbed View Source - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
    FF Extension: Facebook Phishing Protector - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-10-09]
    FF Extension: abcTajpu - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi [2014-08-05]
    FF Extension: ProxTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-09-08]
    FF Extension: Bluhell Firewall - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-06]
    FF Extension: Google  Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2015-01-10]
    FF Extension: MeasureIt - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-12-25]
    FF Extension: Google Reverse Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2015-01-10]
    FF Extension: Reload Tab On Double-Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}.xpi [2014-08-05]
    FF Extension: Easy Youtube Video Downloader Express - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-08-05]
    FF Extension: QuickNote - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2015-02-03]
    FF Extension: Search By Image (by Google) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2014-10-15]
    FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-16]
    FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2015-01-27]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-25]
    FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-25]
    FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-03-11]
    FF HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hppp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
    CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
    CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
    CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
    CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll No File
    CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
    CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-04]
    CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-04]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-04]
    CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-04]
    CHR Extension: (Lightshot (screenshot tool)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-12-11]
    CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-04]
    CHR Extension: (RoboForm) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-14]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
    CHR HKLM\...\Chrome\Extension: [ibnmbpihhamedhophbnjjpidokcknoid] - No Path
    CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-11]

    Opera:
    =======
    OPR StartupUrls: "https://my.yahoo.com...s=X2CddkC8XgE&"
    OPR Extension: (Facebook and Youtube Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbnaecmeebnefmbepifgdkllmgcnikmh [2014-09-21]
    OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmbpnlkamenjkedgaedpjfdmjpldcjpj [2014-11-03]
    OPR Extension: (MediaPlus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnoagnjlblajeghmbaejnfhekofbecd [2014-11-14]
    OPR Extension: (Youtube to mp3 converter) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\geioidjhliialbjcekeejcodiahfplgb [2014-02-14]
    OPR Extension: (Facebook, Youtube or any web site Unblocker) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcgpiijgdhilioddgebgegabcjgfgccj [2014-11-03]
    OPR Extension: (Web Developer) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kddhmaadmaklcieonhggddempagbakph [2014-05-11]
    OPR Extension: (Download Chrome Extension) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2014-02-13]
    OPR Extension: (SiteNotes) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\leeaiockmjkojafakgpocdekmjnnpcpg [2014-02-13]
    OPR Extension: (TVP.PL Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\lpbhfckilgccpclafjiapbcelgpfmjfa [2014-11-14]
    OPR Extension: (Download YouTube Videos as MP4) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\maeombkgfpjdnjkhohbjachnnmpbipol [2014-03-19]
    OPR Extension: (Amazon for Opera) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2015-02-05]
    OPR Extension: (User CSS) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mncnlbhenhkojjdpjpbajnmmcdnlbkmp [2014-03-05]
    OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\noigcpeehjnfkmkfgklkjlojbapbdcpg [2014-12-21]
    OPR Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-02-13]
    OPR Extension: (RoboForm) - C:\Program Files\Siber Systems\AI RoboForm\Opera [2014-03-11]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-22] (SUPERAntiSpyware.com)
    R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-07] (ArcSoft Inc.)
    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2000-01-01] (LSI Corporation)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
    R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
    R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
    S2 SetupARService; C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-07-26] (Realtek Semiconductor.) [File not signed]
    R2 SPDFCreatorReadSpool; C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [180552 2011-10-03] (Solid Documents, LLC)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
    S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5340160 2010-06-17] (ATI Technologies Inc.)
    S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-12-04] () [File not signed]
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
    R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3234304 2013-08-25] (Qualcomm Atheros Communications, Inc.)
    S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-22] (Avanquest Software) [File not signed]
    R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
    R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
    R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC)
    R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-07-20] (ManyCam LLC)
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-10] ()
    S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
    R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
    R2 windrvNT; C:\Windows\system32\windrvNT.sys [35363 2010-07-27] () [File not signed]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-10 16:55 - 2015-02-10 16:55 - 00650392 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\autoruns.exe
    2015-02-10 14:55 - 2015-02-10 14:55 - 00358356 _____ () C:\Users\User\Desktop\OTL.Txt
    2015-02-10 14:55 - 2015-02-10 14:55 - 00076068 _____ () C:\Users\User\Desktop\Extras.Txt
    2015-02-10 14:13 - 2015-02-10 14:14 - 00037655 _____ () C:\Users\User\Desktop\Addition.txt
    2015-02-10 14:12 - 2015-02-10 17:06 - 00034345 _____ () C:\Users\User\Desktop\FRST.txt
    2015-02-10 14:12 - 2015-02-10 17:05 - 00000000 ____D () C:\FRST
    2015-02-10 14:11 - 2015-02-10 14:11 - 01124352 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
    2015-02-10 14:05 - 2015-02-10 14:05 - 00002330 _____ () C:\Users\User\Desktop\JRT.txt
    2015-02-10 13:59 - 2015-02-10 13:59 - 01388274 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
    2015-02-10 13:38 - 2015-02-10 13:38 - 02112512 _____ () C:\Users\User\Desktop\AdwCleaner.exe
    2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
    2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
    2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\ProgramData\ATI
    2015-02-09 21:06 - 2015-02-09 21:06 - 00006222 _____ () C:\Windows\DPINST.LOG
    2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\DIFX
    2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\AMD
    2015-02-09 21:06 - 2009-12-22 02:26 - 00030392 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
    2015-02-09 21:05 - 2015-02-09 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    2015-02-09 12:17 - 2015-02-09 12:17 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
    2015-02-09 12:02 - 2015-02-09 20:53 - 00000052 _____ () C:\Windows\system32\DOErrors.log
    2015-02-09 11:52 - 2010-02-05 09:50 - 03013344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
    2015-02-09 11:52 - 2010-02-05 09:50 - 02622496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 01640992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
    2015-02-09 11:52 - 2010-02-05 09:50 - 00371232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00357576 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00168648 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00145760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00096160 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00062664 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00057376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
    2015-02-09 11:52 - 2010-02-05 09:50 - 00000712 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
    2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hp
    2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hewlett-Packard
    2015-02-09 00:13 - 2015-02-09 00:13 - 08998130 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rains A-Gonna Fall Official - YouTube.mp4
    2015-02-09 00:11 - 2015-02-09 00:11 - 11780600 _____ () C:\Users\User\Desktop\Dana Fredsti.mp4
    2015-02-07 15:04 - 2015-02-07 15:05 - 08749661 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rain's A-Gonna Fall [Official].mp4
    2015-02-06 22:33 - 2015-02-06 22:33 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-06 22:33 - 2015-02-06 22:33 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-06 22:27 - 2015-02-06 22:28 - 39690816 _____ () C:\Users\User\Desktop\Firefox Setup 35.0.1.exe
    2015-02-06 22:01 - 2015-02-06 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-05 01:40 - 2015-02-05 01:40 - 15795631 _____ () C:\Users\User\Desktop\Hollywood Undead - Outside (Official Lyric Video).mp4
    2015-02-05 01:31 - 2015-02-05 01:32 - 20690486 _____ () C:\Users\User\Desktop\Jes Ebrahim - Keamanan (Promo MV).mp4
    2015-02-03 17:14 - 2015-02-03 17:16 - 3869692740 _____ () C:\Users\User\Documents\User-PcMediaIDbin.zip
    2015-02-02 13:19 - 2015-02-02 13:19 - 182002016 _____ (Igor Pavlov) C:\Users\User\Downloads\nero7PremiumReloaded.exe
    2015-02-02 01:08 - 2015-02-02 01:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\MMFApplications
    2015-02-02 00:57 - 2015-02-02 00:57 - 00001095 _____ () C:\Users\User\Desktop\Five Nights at Freddy's DEMO.lnk
    2015-02-02 00:57 - 2015-02-02 00:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Five Nights at Freddy's DEMO
    2015-02-02 00:56 - 2015-02-02 00:57 - 00000000 ____D () C:\Program Files\Five Nights at Freddy's DEMO
    2015-01-27 15:31 - 2015-02-06 22:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-27 01:57 - 2015-01-27 01:57 - 00001069 _____ () C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk
    2015-01-25 17:11 - 2015-01-25 17:11 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-01-18 21:32 - 2015-02-03 18:55 - 00000000 ____D () C:\Users\User\Desktop\CafePress
    2015-01-18 16:50 - 2015-01-18 16:50 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
    2015-01-18 16:50 - 2015-01-18 16:50 - 00001136 _____ () C:\Users\Public\Desktop\paint.net.lnk
    2015-01-18 16:49 - 2015-01-18 16:51 - 00000000 ____D () C:\Users\User\AppData\Local\paint.net
    2015-01-18 16:49 - 2015-01-18 16:50 - 00000000 ____D () C:\Program Files\paint.net
    2015-01-18 15:32 - 2015-01-18 15:32 - 00003045 _____ () C:\Users\User\AppData\Local\recently-used.xbel
    2015-01-18 15:04 - 2015-01-18 15:04 - 00000000 ____D () C:\Users\User\Documents\Imagina
    2015-01-18 15:01 - 2015-01-18 15:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\Planet Imagina
    2015-01-18 14:33 - 2015-01-18 14:33 - 00001007 _____ () C:\Users\User\Desktop\GIMP 2.lnk
    2015-01-18 14:32 - 2015-01-18 14:32 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
    2015-01-18 14:29 - 2015-01-18 14:32 - 00000000 ____D () C:\Program Files\GIMP 2
    2015-01-17 19:57 - 2015-01-17 19:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\FastStone
    2015-01-17 19:56 - 2015-01-17 19:56 - 00001023 _____ () C:\Users\Public\Desktop\FastStone Image Viewer.lnk
    2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
    2015-01-17 19:56 - 2015-01-17 19:56 - 00000000 ____D () C:\Program Files\FastStone Image Viewer
    2015-01-14 11:09 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-01-14 11:09 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 11:08 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 11:08 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 11:08 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 11:08 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 00:54 - 2015-01-13 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-01-12 14:50 - 2015-02-08 20:46 - 00000000 ___RD () C:\Users\User\Desktop\scrapBYE
    2015-01-12 14:11 - 2015-01-12 14:50 - 00000000 ____D () C:\Users\User\Documents\MyPaint
    2015-01-11 03:42 - 2015-01-02 23:58 - 00000508 _____ () C:\Users\User\Documents\Backup-codes-janjimoni google account.txt

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-10 16:20 - 2012-07-14 23:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-10 16:07 - 2009-10-24 19:57 - 01184894 _____ () C:\Windows\WindowsUpdate.log
    2015-02-10 14:01 - 2009-10-24 22:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
    2015-02-10 13:57 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-10 13:57 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-10 13:52 - 2013-05-20 19:46 - 00000000 ___RD () C:\Users\User\Dropbox
    2015-02-10 13:52 - 2013-05-20 19:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
    2015-02-10 13:50 - 2013-11-10 15:09 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
    2015-02-10 13:50 - 2013-11-10 15:09 - 00000384 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
    2015-02-10 13:49 - 2014-08-19 23:25 - 00016782 _____ () C:\Windows\setupact.log
    2015-02-10 13:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-10 13:48 - 2013-09-13 20:10 - 00000000 ____D () C:\AdwCleaner
    2015-02-10 13:36 - 2009-10-24 22:53 - 00384248 _____ () C:\Windows\system32\prfh0804.dat
    2015-02-10 13:36 - 2009-10-24 22:53 - 00119918 _____ () C:\Windows\system32\prfc0804.dat
    2015-02-10 13:36 - 2009-10-24 20:05 - 02115974 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-09 21:28 - 2013-12-15 19:30 - 10288128 ___SH () C:\Users\User\Desktop\Thumbs.db
    2015-02-09 21:05 - 2013-12-18 20:36 - 00000000 ____D () C:\Program Files\ATI Technologies
    2015-02-09 20:46 - 2014-12-17 17:51 - 00000000 ___RD () C:\Users\User\Desktop\BYE
    2015-02-09 19:52 - 2013-09-14 11:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileAdvisor
    2015-02-09 19:52 - 2013-09-13 18:48 - 00000000 ____D () C:\Program Files\File Type Advisor
    2015-02-09 11:58 - 2014-03-23 00:31 - 00000000 ___RD () C:\Users\User\Desktop\Security
    2015-02-09 11:53 - 2013-11-10 15:49 - 00000000 ____D () C:\Windows\system32\RTCOM
    2015-02-09 11:53 - 2013-11-10 15:48 - 00000000 ___HD () C:\Program Files\Temp
    2015-02-09 11:52 - 2009-10-24 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2015-02-09 11:06 - 2009-07-14 05:33 - 02527296 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-09 04:08 - 2014-07-16 08:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-09 04:02 - 2012-11-23 16:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-09 03:50 - 2012-05-17 17:50 - 00110824 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-02-08 20:44 - 2013-09-07 20:45 - 00086016 ____H () C:\Users\User\Desktop\photothumb.db
    2015-02-07 14:31 - 2014-08-19 23:25 - 00037100 _____ () C:\Windows\PFRO.log
    2015-02-05 22:43 - 2013-07-01 14:04 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-05 20:20 - 2012-07-14 23:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-05 20:20 - 2012-07-14 23:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-02-03 16:45 - 2013-09-05 13:10 - 00000000 ___RD () C:\Users\User\Desktop\friends;me
    2015-02-03 16:42 - 2012-09-03 20:19 - 00000000 ___RD () C:\Users\User\Desktop\pics
    2015-02-03 16:36 - 2013-07-05 20:19 - 00000000 ____D () C:\Program Files\Opera
    2015-01-30 20:10 - 2012-09-03 20:17 - 00000000 ___RD () C:\Users\User\Desktop\family pics and recordings
    2015-01-30 10:15 - 2014-03-09 00:18 - 00000000 ___RD () C:\Users\User\Desktop\new pics
    2015-01-29 12:44 - 2009-10-24 20:42 - 00000000 ____D () C:\ProgramData\Temp
    2015-01-27 17:56 - 2014-09-23 14:59 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
    2015-01-27 16:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\TAPI
    2015-01-27 15:28 - 2012-10-31 21:46 - 00204800 ___SH () C:\Users\User\Documents\Thumbs.db
    2015-01-27 15:19 - 2013-09-23 18:53 - 00000000 ____D () C:\Program Files\SpywareBlaster
    2015-01-27 03:58 - 2014-05-19 12:10 - 00000000 ___RD () C:\Users\User\Desktop\Moi
    2015-01-27 01:57 - 2013-09-13 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
    2015-01-27 01:57 - 2013-09-13 18:48 - 00000000 ____D () C:\Program Files\Free M4a to MP3 Converter
    2015-01-26 20:48 - 2013-09-10 12:45 - 00001413 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-26 15:18 - 2014-05-24 16:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\AdvertismentImages
    2015-01-25 17:10 - 2014-10-16 16:52 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-01-25 17:10 - 2014-10-16 16:52 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-01-25 17:10 - 2014-10-16 16:52 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-01-25 17:10 - 2014-10-16 16:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-01-25 17:10 - 2014-04-19 11:16 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-25 17:10 - 2011-08-18 20:32 - 00000000 ____D () C:\Program Files\Java
    2015-01-18 23:16 - 2011-12-09 15:12 - 00000000 ____D () C:\output
    2015-01-18 19:52 - 2013-09-13 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
    2015-01-18 17:34 - 2011-02-09 17:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\PhotoScape
    2015-01-18 16:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-01-18 16:47 - 2012-05-06 20:10 - 00000000 ____D () C:\Users\User\Documents\Einstein in 1952 wrote that the word “God” is nothing _ Who Has This Imagination_files
    2015-01-18 16:06 - 2014-07-05 11:13 - 00000000 ____D () C:\Users\User\.gimp-2.8
    2015-01-18 14:24 - 2014-06-21 09:51 - 00000000 ___RD () C:\Users\User\Desktop\Stalks
    2015-01-15 02:39 - 2013-08-22 14:07 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 02:27 - 2011-11-21 17:38 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-14 01:53 - 2014-11-03 20:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
    2015-01-13 00:55 - 2009-10-24 20:48 - 00000000 ____D () C:\Program Files\QuickTime Alternative
    2015-01-13 00:20 - 2011-11-19 03:08 - 00000000 ____D () C:\Users\User\Documents\extensions
    2015-01-11 14:44 - 2014-11-28 00:11 - 00000000 ____D () C:\Program Files\FreeAlarmClock
    2015-01-11 03:47 - 2014-12-06 20:29 - 00000000 ___RD () C:\Users\User\Desktop\myGov

    ==================== Files in the root of some directories =======

    2013-08-18 22:52 - 2013-09-30 11:14 - 0000115 _____ () C:\Users\User\AppData\Roaming\WB.CFG
    2013-08-18 22:52 - 2013-09-30 11:14 - 0000005 _____ () C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
    2013-11-30 21:51 - 2014-05-11 15:41 - 0174615 _____ () C:\Users\User\AppData\Local\ars.cache
    2013-11-30 21:52 - 2014-05-11 15:42 - 0362748 _____ () C:\Users\User\AppData\Local\census.cache
    2012-07-16 20:40 - 2012-07-16 20:40 - 0027520 _____ () C:\Users\User\AppData\Local\dt.dat
    2013-11-26 19:38 - 2013-11-26 19:38 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
    2015-01-18 15:32 - 2015-01-18 15:32 - 0003045 _____ () C:\Users\User\AppData\Local\recently-used.xbel
    2010-12-16 18:20 - 2010-12-16 18:20 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

    Files to move or delete:
    ====================
    C:\Users\User\jagex_cl_runescape_LIVE.dat
    C:\Users\User\random.dat


    Some content of TEMP:
    ====================
    C:\Users\User\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt9h_v1.dll
    C:\Users\User\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\User\AppData\Local\temp\jre-8u31-windows-au.exe
    C:\Users\User\AppData\Local\temp\Quarantine.exe
    C:\Users\User\AppData\Local\temp\RSPUpgradeInstaller.exe
    C:\Users\User\AppData\Local\temp\SkypeSetup.exe
    C:\Users\User\AppData\Local\temp\smt_mystartsearch.exe
    C:\Users\User\AppData\Local\temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-04 18:37

    ==================== End Of Log ============================


    • 0

    #13
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    1st VEW log:

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 10/02/2015 17:26:52

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/02/2015 16:20:46
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

    Log: 'System' Date/Time: 10/02/2015 16:19:57
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.


    • 0

    #14
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    2nd VEW log:

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 10/02/2015 17:31:40

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 10/02/2015 16:21:20
    Type: Error Category: 0
    Event: 0 Source: SetupARService
    Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.    at SetupAfterRebootService.SetupARService.OnStart(String[] args)    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 10/02/2015 16:25:13
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <csc://{S-1-5-21-4165335087-975643669-458432890-1000}/> cannot be accessed.

    Context:  Application, SystemIndex Catalog

    Details:
        The object was not found.  (HRESULT : 0x80041201) (0x80041201)


    Log: 'Application' Date/Time: 10/02/2015 16:19:51
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-4165335087-975643669-458432890-1000:
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\SystemCertificates\Root
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Policies\Microsoft\SystemCertificates
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Policies\Microsoft\SystemCertificates
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Policies\Microsoft\SystemCertificates
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Policies\Microsoft\SystemCertificates
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\SystemCertificates\My
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\SystemCertificates\CA
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\SystemCertificates\trust
    Process 1084 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\SystemCertificates\Disallowed
     


    • 0

    #15
    janji

    janji

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 210 posts

    So far all seems to be working fine, thanks xx


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP