Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer hacked


  • Please log in to reply

#76
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Apparently the instructions are for XP and there have been some changes made for Windows 7.  See if you have

 

C:\Windows\System32\config\RegBack

 

it appears that  is where the files are in 7.


  • 0

Advertisements


#77
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Yup, that's how it looks like,

20150225_174641.jpg


  • 0

#78
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

The files without extensions are the ones you need to copy over to C:\windows\system32\config.  I assume you have renamed or copied the originals already.


  • 0

#79
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

I did it, computer is running normally! Thank you :wave:

What to do next?


Edited by janji, 25 February 2015 - 12:38 PM.

  • 0

#80
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Turn off Windows updates! Run a FRST scan with Additions checked. Post both logs.
  • 0

#81
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

One of the first things I did was turn off Windows update/

 

I'm running the FRST scan (and it seems to have produced 2 documents) the second time now, it's at 'Getting Application errors: 158447' and just like the first scan (I stopped it because of same problem) the numbers aren't moving up but the green bar is still activ.


Edited by janji, 25 February 2015 - 03:58 PM.

  • 0

#82
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

It's still at 'Getting Application errors: 158447', is that normal, should I wait?


  • 0

#83
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Not normal.  Let's check the drive for errors.

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.

  • 0

#84
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

 

Not normal.  Let's check the drive for errors.

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 

 

I did all that but after the reboot there doesn't seem to be any activity. I haven't changed the boot options yet in the BIOs but have removed boot CD, does that make any difference?


  • 0

#85
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Shouldn't make any difference but try making the hard drive the first boot option and see.


  • 0

Advertisements


#86
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

I changed the BIOS boot settings and it did the disc check. Then the sfc /scannow and it said that it fixed things.
Done a FRST scan which went smooth too, do you want the logs or should I run the Event Viewer Tool?


  • 0

#87
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Let me have the FRST logs and then run VEW


  • 0

#88
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by User (administrator) on USER-PC on 26-02-2015 16:45:40
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Solid Documents, LLC) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(J. Eric Vaughan) C:\Program Files\Stay On Top\StayOnTop.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-21] (Siber Systems)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stay On Top.lnk
ShortcutTarget: Stay On Top.lnk -> C:\Windows\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler: linkscanner - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default
FF Homepage: https://my.yahoo.com/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\searchplugins\google-images.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Clear Recent History... + - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-04]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
FF Extension: Double-click To Reload Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: FireRainbow - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-25]
FF Extension: Password Hasher - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-10-12]
FF Extension: Remove Cookies for Site - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-08-05]
FF Extension: Lightshot (screenshot tool) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-12-04]
FF Extension: AddThis - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-01-13]
FF Extension: New Tab King - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-10-15]
FF Extension: AmazonOnClick - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-29]
FF Extension: Duplicate This Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
FF Extension: Gmail panel - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-23]
FF Extension: AOL One Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-26]
FF Extension: Dictionary Extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-04]
FF Extension: Open in Private Browsing Mode - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-01-31]
FF Extension: Google™ Translator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-13]
FF Extension: LanguageToolFx - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Mail Preview - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-06]
FF Extension: Personas Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: RSS Icon in url bar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-03]
FF Extension: Simple White - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Simple Timer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Tabbed View Source - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Facebook Phishing Protector - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-10-09]
FF Extension: abcTajpu - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi [2014-08-05]
FF Extension: ProxTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-09-08]
FF Extension: Bluhell Firewall - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-06]
FF Extension: Google  Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2015-01-10]
FF Extension: MeasureIt - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-12-25]
FF Extension: Google Reverse Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2015-01-10]
FF Extension: Reload Tab On Double-Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}.xpi [2014-08-05]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-08-05]
FF Extension: QuickNote - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2015-02-03]
FF Extension: Search By Image (by Google) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2014-10-15]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-16]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-25]
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-25]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-03-11]
FF HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hppp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-04]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-04]
CHR Extension: (RoboForm) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM\...\Chrome\Extension: [ibnmbpihhamedhophbnjjpidokcknoid] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files\SockshareDownloader\SockshareDownloader10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-11]

Opera:
=======
OPR StartupUrls: "https://my.yahoo.com...s=X2CddkC8XgE&"
OPR Extension: (Facebook and Youtube Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbnaecmeebnefmbepifgdkllmgcnikmh [2014-09-21]
OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmbpnlkamenjkedgaedpjfdmjpldcjpj [2014-11-03]
OPR Extension: (MediaPlus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnoagnjlblajeghmbaejnfhekofbecd [2014-11-14]
OPR Extension: (Youtube to mp3 converter) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\geioidjhliialbjcekeejcodiahfplgb [2014-02-14]
OPR Extension: (Facebook, Youtube or any web site Unblocker) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcgpiijgdhilioddgebgegabcjgfgccj [2014-11-03]
OPR Extension: (Web Developer) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kddhmaadmaklcieonhggddempagbakph [2014-05-11]
OPR Extension: (Download Chrome Extension) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2014-02-13]
OPR Extension: (SiteNotes) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\leeaiockmjkojafakgpocdekmjnnpcpg [2014-02-13]
OPR Extension: (TVP.PL Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\lpbhfckilgccpclafjiapbcelgpfmjfa [2014-11-14]
OPR Extension: (Download YouTube Videos as MP4) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\maeombkgfpjdnjkhohbjachnnmpbipol [2014-03-19]
OPR Extension: (Amazon for Opera) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2015-02-05]
OPR Extension: (User CSS) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mncnlbhenhkojjdpjpbajnmmcdnlbkmp [2014-03-05]
OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\noigcpeehjnfkmkfgklkjlojbapbdcpg [2014-12-21]
OPR Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-02-13]
OPR Extension: (RoboForm) - C:\Program Files\Siber Systems\AI RoboForm\Opera [2014-03-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-22] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-07] (ArcSoft Inc.)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2000-01-01] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
S2 SetupARService; C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-07-26] (Realtek Semiconductor.) [File not signed]
R2 SPDFCreatorReadSpool; C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [180552 2011-10-03] (Solid Documents, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-12-04] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3234304 2013-08-25] (Qualcomm Atheros Communications, Inc.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-22] (Avanquest Software) [File not signed]
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-07-20] (ManyCam LLC)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-26] ()
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
R2 windrvNT; C:\Windows\system32\windrvNT.sys [35363 2010-07-27] () [File not signed]
S2 adfs; No ImagePath
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 pmem; \??\C:\Users\User\AppData\Local\Temp\_MEI20402\drivers\winpmem32.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 16:45 - 2015-02-26 16:46 - 00035474 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-25 22:14 - 2015-02-25 22:14 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-02-25 22:06 - 2015-02-25 22:10 - 00000000 ____D () C:\Users\User\Desktop\New folder
2015-02-25 21:48 - 2015-02-25 21:48 - 00001053 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-02-25 21:48 - 2015-02-25 21:48 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-25 21:38 - 2015-02-25 21:38 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-02-25 21:21 - 2015-02-25 21:21 - 00002087 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-02-25 21:20 - 2015-02-25 21:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\ProductData
2015-02-25 21:19 - 2015-02-25 21:22 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-25 21:19 - 2015-02-25 21:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\IObit
2015-02-25 21:19 - 2015-02-25 21:19 - 00001170 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-02-25 21:19 - 2015-02-25 21:19 - 00001146 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-02-25 21:19 - 2015-02-25 21:19 - 00000000 ____D () C:\Users\User\AppData\IObit
2015-02-25 20:19 - 2015-02-25 20:19 - 00000000 ____D () C:\Windows\system32\config\temp
2015-02-24 15:26 - 2015-02-24 15:39 - 00000000 ____D () C:\Windows\system32\config\backup
2015-02-13 15:55 - 2015-02-13 15:55 - 00000925 _____ () C:\Users\User\Desktop\SpeedFan.lnk
2015-02-13 15:55 - 2015-02-13 15:55 - 00000045 _____ () C:\Windows\system32\initdebug.nfo
2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-02-13 00:46 - 2015-02-13 00:46 - 23308373 _____ () C:\Users\User\Desktop\Sister in Danger - SIMPONI (Music Syndicate of Earth Dwellers) @simponii.mp4
2015-02-12 18:53 - 2015-02-12 18:53 - 00000610 _____ () C:\junk.txtnotepad
2015-02-12 18:50 - 2015-02-12 19:35 - 00006292 _____ () C:\junk.txt
2015-02-11 12:44 - 2015-02-11 12:44 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-02-10 21:06 - 2015-02-10 21:06 - 00027517 _____ () C:\ComboFix.txt
2015-02-10 20:46 - 2015-02-10 21:06 - 00000000 ____D () C:\Qoobox
2015-02-10 20:23 - 2015-02-13 17:56 - 00000000 ____D () C:\Program Files\SpeedFan
2015-02-10 20:23 - 2015-02-10 20:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-02-10 20:01 - 2015-02-10 20:09 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-10 18:30 - 2015-02-11 21:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-10 17:26 - 2015-02-10 17:31 - 00004303 _____ () C:\VEW.txt
2015-02-10 17:24 - 2015-02-10 17:24 - 00061440 _____ ( ) C:\Users\User\Desktop\VEW.exe
2015-02-10 16:55 - 2015-02-10 16:55 - 00650392 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\autoruns.exe
2015-02-10 14:12 - 2015-02-26 16:45 - 00000000 ____D () C:\FRST
2015-02-10 14:11 - 2015-02-25 22:14 - 01127424 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-02-10 13:59 - 2015-02-10 13:59 - 01388274 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-02-10 13:38 - 2015-02-10 13:38 - 02112512 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\ProgramData\ATI
2015-02-09 21:06 - 2015-02-09 21:06 - 00006222 _____ () C:\Windows\DPINST.LOG
2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\DIFX
2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\AMD
2015-02-09 21:06 - 2009-12-22 02:26 - 00030392 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-02-09 21:05 - 2015-02-09 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-02-09 12:17 - 2015-02-09 12:17 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2015-02-09 12:02 - 2015-02-09 20:53 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2015-02-09 11:52 - 2010-02-05 09:50 - 03013344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-09 11:52 - 2010-02-05 09:50 - 02622496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 01640992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-09 11:52 - 2010-02-05 09:50 - 00371232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00357576 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00168648 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00145760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00096160 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00062664 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00057376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00000712 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hp
2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-09 00:13 - 2015-02-09 00:13 - 08998130 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rains A-Gonna Fall Official - YouTube.mp4
2015-02-07 15:04 - 2015-02-07 15:05 - 08749661 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rain's A-Gonna Fall [Official].mp4
2015-02-06 22:33 - 2015-02-06 22:33 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-06 22:33 - 2015-02-06 22:33 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-06 22:01 - 2015-02-06 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-05 01:40 - 2015-02-05 01:40 - 15795631 _____ () C:\Users\User\Desktop\Hollywood Undead - Outside (Official Lyric Video).mp4
2015-02-05 01:31 - 2015-02-05 01:32 - 20690486 _____ () C:\Users\User\Desktop\Jes Ebrahim - Keamanan (Promo MV).mp4
2015-02-03 17:14 - 2015-02-03 17:16 - 3869692740 _____ () C:\Users\User\Documents\User-PcMediaIDbin.zip
2015-02-02 13:19 - 2015-02-02 13:19 - 182002016 _____ (Igor Pavlov) C:\Users\User\Downloads\nero7PremiumReloaded.exe
2015-02-02 01:08 - 2015-02-02 01:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\MMFApplications
2015-01-27 15:31 - 2015-02-11 21:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-27 01:57 - 2015-01-27 01:57 - 00001069 _____ () C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 16:46 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 16:46 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 16:41 - 2009-10-24 19:57 - 01923239 _____ () C:\Windows\WindowsUpdate.log
2015-02-26 16:40 - 2013-05-20 19:46 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-26 16:40 - 2013-05-20 19:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-26 16:40 - 2009-10-24 22:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-26 16:39 - 2013-11-10 15:09 - 00000384 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2015-02-26 16:38 - 2013-11-10 15:09 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-26 16:37 - 2014-08-19 23:25 - 00018564 _____ () C:\Windows\setupact.log
2015-02-26 16:37 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 16:37 - 2009-07-14 05:33 - 02518864 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-26 16:36 - 2014-12-11 14:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-26 16:36 - 2014-05-06 21:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-26 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-02-26 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-26 16:20 - 2012-07-14 23:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 14:15 - 2009-10-24 22:53 - 00384248 _____ () C:\Windows\system32\prfh0804.dat
2015-02-26 14:15 - 2009-10-24 22:53 - 00119918 _____ () C:\Windows\system32\prfc0804.dat
2015-02-26 14:15 - 2009-10-24 20:05 - 02115974 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 23:20 - 2012-07-14 23:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-25 23:20 - 2012-07-14 23:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-25 22:01 - 2014-08-19 23:25 - 00039504 _____ () C:\Windows\PFRO.log
2015-02-25 21:53 - 2015-01-18 16:49 - 00000000 ____D () C:\Program Files\paint.net
2015-02-25 21:52 - 2012-07-29 18:03 - 00000000 ____D () C:\Program Files\Pale Moon
2015-02-25 21:48 - 2013-07-05 20:19 - 00000000 ____D () C:\Program Files\Opera
2015-02-25 21:21 - 2011-01-01 12:01 - 00000000 ____D () C:\ProgramData\IObit
2015-02-25 21:21 - 2011-01-01 11:58 - 00000000 ____D () C:\Program Files\IObit
2015-02-25 19:41 - 2012-05-17 17:50 - 00109696 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-13 20:29 - 2013-08-22 14:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-13 20:15 - 2011-11-21 17:38 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 20:10 - 2013-09-14 11:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileAdvisor
2015-02-13 20:08 - 2013-09-13 18:48 - 00000000 ____D () C:\Program Files\File Type Advisor
2015-02-13 19:11 - 2013-05-20 19:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 18:36 - 2014-12-17 17:51 - 00000000 ___RD () C:\Users\User\Desktop\BYE
2015-02-13 18:12 - 2015-01-12 14:50 - 00000000 ___RD () C:\Users\User\Desktop\scrapBYE
2015-02-13 18:11 - 2013-12-15 19:30 - 10366976 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-02-13 18:11 - 2013-09-07 20:45 - 00097280 ____H () C:\Users\User\Desktop\photothumb.db
2015-02-12 20:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-12 20:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-12 18:21 - 2012-11-23 16:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-12 18:15 - 2014-03-23 00:31 - 00000000 ___RD () C:\Users\User\Desktop\Security
2015-02-11 21:39 - 2011-11-15 21:55 - 00000000 ____D () C:\Windows\ERDNT
2015-02-11 14:36 - 2013-12-18 20:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 14:35 - 2009-10-24 20:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 14:35 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 12:42 - 2013-12-04 00:12 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2015-02-10 17:42 - 2011-11-10 10:07 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-10 17:19 - 2009-10-24 22:36 - 00000000 ____D () C:\Windows\pss
2015-02-10 13:48 - 2013-09-13 20:10 - 00000000 ____D () C:\AdwCleaner
2015-02-09 21:05 - 2013-12-18 20:36 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-09 11:53 - 2013-11-10 15:49 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-09 11:53 - 2013-11-10 15:48 - 00000000 ___HD () C:\Program Files\Temp
2015-02-09 11:52 - 2009-10-24 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-09 04:08 - 2014-07-16 08:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 22:43 - 2013-07-01 14:04 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 18:55 - 2015-01-18 21:32 - 00000000 ____D () C:\Users\User\Desktop\CafePress
2015-02-03 16:45 - 2013-09-05 13:10 - 00000000 ___RD () C:\Users\User\Desktop\friends;me
2015-02-03 16:42 - 2012-09-03 20:19 - 00000000 ___RD () C:\Users\User\Desktop\pics
2015-01-30 20:10 - 2012-09-03 20:17 - 00000000 ___RD () C:\Users\User\Desktop\family pics and recordings
2015-01-30 10:15 - 2014-03-09 00:18 - 00000000 ___RD () C:\Users\User\Desktop\new pics
2015-01-29 12:44 - 2009-10-24 20:42 - 00000000 ____D () C:\ProgramData\Temp
2015-01-27 17:56 - 2014-09-23 14:59 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-01-27 16:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\TAPI
2015-01-27 15:28 - 2012-10-31 21:46 - 00204800 ___SH () C:\Users\User\Documents\Thumbs.db
2015-01-27 15:19 - 2013-09-23 18:53 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-01-27 03:58 - 2014-05-19 12:10 - 00000000 ___RD () C:\Users\User\Desktop\Moi
2015-01-27 01:57 - 2013-09-13 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
2015-01-27 01:57 - 2013-09-13 18:48 - 00000000 ____D () C:\Program Files\Free M4a to MP3 Converter

==================== Files in the root of some directories =======

2013-08-18 22:52 - 2013-09-30 11:14 - 0000115 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2013-08-18 22:52 - 2013-09-30 11:14 - 0000005 _____ () C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
2013-11-30 21:51 - 2014-05-11 15:41 - 0174615 _____ () C:\Users\User\AppData\Local\ars.cache
2013-11-30 21:52 - 2014-05-11 15:42 - 0362748 _____ () C:\Users\User\AppData\Local\census.cache
2012-07-16 20:40 - 2012-07-16 20:40 - 0027520 _____ () C:\Users\User\AppData\Local\dt.dat
2013-11-26 19:38 - 2013-11-26 19:38 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-01-18 15:32 - 2015-01-18 15:32 - 0003045 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2010-12-16 18:20 - 2010-12-16 18:20 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\User\jagex_cl_runescape_LIVE.dat
C:\Users\User\random.dat


Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf7ezu_.dll
C:\Users\User\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\User\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\User\AppData\Local\temp\Quarantine.exe
C:\Users\User\AppData\Local\temp\RSPUpgradeInstaller.exe
C:\Users\User\AppData\Local\temp\sfamcc00001.dll
C:\Users\User\AppData\Local\temp\sfextra.dll
C:\Users\User\AppData\Local\temp\SkypeSetup.exe
C:\Users\User\AppData\Local\temp\smt_mystartsearch.exe
C:\Users\User\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 14:55

==================== End Of Log ============================


  • 0

#89
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

FRST Addition

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015 01
Ran by User at 2015-02-26 16:47:11
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Sticky Notes (HKLM\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
AGEIA PhysX v2.6.0 (HKLM\...\{582876EC-A178-44D4-9823-C10D6C62EAFF}) (Version: 2.6.0.4 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{121A3F18-E386-B7EF-CEEB-32864884E594}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM\...\{7B937101-FD85-4CA9-9176-ADA6492314AF}) (Version: 3.0.0.117 - ArcSoft)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2741 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Deep Space Nine  The Fallen (HKLM\...\{783E0AD7-C128-4398-9F74-99D3EFF2875D}) (Version:  - )
Desktop Icon Position Saver (64-bit) (HKLM\...\dips64) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
File Type Advisor 1.3 (HKLM\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter Studio 8.2 (HKLM\...\Free YouTube to MP3 Converter Studio_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\HappyCloud) (Version: 3.72 - Happy Cloud, Inc.)
Hotspot Shield 3.42 (HKLM\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
K-Lite Mega Codec Pack 5.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MostFun.com Games - Super Granny 4 (remove only) (HKLM\...\MostFun.com Games - Super Granny 4) (Version: 3.4.16.27 - )
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\MyFreeCodec) (Version:  - )
Nero 8 Essentials (HKLM\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
Opera Stable 22.0.1471.50 (HKU\.DEFAULT\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
Opera Stable 23.0.1522.60 (HKLM\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
Opera Stable 27.0.1689.66 (HKLM\...\Opera 27.0.1689.66) (Version: 27.0.1689.66 - Opera Software ASA)
Opera Stable 27.0.1689.76 (HKLM\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PixBuilder Studio 2.2.0 (HKLM\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version:  - WnSoft)
Qualcomm Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTime Alternative 2.9.2 (HKLM\...\QuicktimeAlt_is1) (Version: 2.9.2 - )
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
RoboForm 7-9-11-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Screen Highlighter 1.0 (HKLM\...\Screen Highlighter_is1) (Version:  - Harmony Hollow Software)
Screencast-O-Matic (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Secunia PSI (3.0.0.9015) (HKLM\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.8 - IObit)
SolidPDFCreator (HKLM\...\{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}) (Version: 7.1.879.0 - SolidDocuments)
SPEEDLINK Strike 2 Gamepad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Spotify (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Stay On Top (HKLM\...\{5C6C0192-BA75-4932-8931-B2FF88346E49}) (Version: 1.0.0 - J. Eric Vaughan)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Super Granny 4 (Version: 3.4.16.27 - Sandlot) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1012 - SUPERAntiSpyware.com)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VS10RuntimeWin32 (Version: 1.0.0 - immunet) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
ZTE Handset USB Driver 5.2066.1.8B02 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.8B02 - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

26-02-2015 16:00:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-01-31 13:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02345B74-772A-44F8-A563-F33F7F68A837} - System32\Tasks\{FBC71A6A-8D24-4264-8D8B-660359524319} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {041FCAE9-E352-431F-AD25-C26D4623EB5F} - System32\Tasks\{1F529A44-4E7F-4EEB-9387-B009EA33FE4D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {04E861FD-AE2D-4536-972A-9CBC5D1A46B5} - \{2D4D8F4B-6DBF-4385-BF15-55BDF20671E3} No Task File <==== ATTENTION
Task: {07F84AF2-E58C-4301-8826-B096055D02D9} - System32\Tasks\{B89786A5-2A46-4517-B0E7-508247CF0832} => pcalua.exe -a C:\Users\User\Downloads\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Downloads
Task: {0DCD5759-D02C-4EB7-BC32-41D7D06D35EA} - System32\Tasks\{C0CCC3A8-5FC2-4086-A869-3E21F7C524E9} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {1C8D0C93-7DAB-4682-8789-8366FB00127C} - System32\Tasks\{A0E4CF2F-63B1-4231-85A6-214419F70C0E} => pcalua.exe -a C:\Users\User\Desktop\StayOnTopSetup\setup.exe -d C:\Users\User\Desktop\StayOnTopSetup
Task: {1CB5B6C4-90E4-45C9-9496-17458C2181AD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1ECD887F-0104-4DD7-A710-9C5395C6A951} - System32\Tasks\{4EEFC9EF-F5CB-4779-ACE9-E6E142F3A2A7} => pcalua.exe -a C:\Users\User\Downloads\StickMen2.exe -d C:\Users\User\Downloads
Task: {1FFB5CAB-D0C8-4971-A6C6-52243A608C52} - System32\Tasks\{B0A60467-7396-4B3F-9092-61133D6E365D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {29A3B4DA-2552-4B1B-AC98-0DAA160CD171} - System32\Tasks\{E06706D7-83A8-4D3F-A875-DC73898C373C} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {342242AF-68DC-48E8-BAD2-FCF35B2790C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {377645D7-BADA-4E0E-AD5B-C7D00FEE7171} - \GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA No Task File <==== ATTENTION
Task: {3A6520B3-0426-44D3-B409-796B928DAB32} - \{EF9E28E4-BEED-4229-8760-020756DA18C3} No Task File <==== ATTENTION
Task: {4025D84B-DA4C-44AE-923E-7CC6A0CD655E} - \{93F49872-654E-438E-9457-172EA0309781} No Task File <==== ATTENTION
Task: {447799E1-DB8F-4DAE-80B8-A9EC0F829F5B} - \{14E304B4-6289-4E60-9E9F-7CAEA78D6EEF} No Task File <==== ATTENTION
Task: {45530A69-1F35-4D06-B41F-94B1594EDF7E} - System32\Tasks\{9A8EB359-4F7E-4308-9493-BB15F09E0C58} => C:\Program Files\MostFun\HeroesofHellas\game.exe
Task: {45EF2C7E-71D1-4ED0-A13A-1BF2A768DBCB} - System32\Tasks\{DC4EA453-4ECE-4831-96CD-7EE3A2282ADC} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {4AAB2EDD-0C71-45BA-B6F5-F8234615B974} - System32\Tasks\Opera scheduled Autoupdate 1424897303 => C:\Program Files\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {4AF5B2D6-BCA4-42DD-AE6E-B02B2716B405} - \{6B61C2C6-83AC-410A-8D14-9DC18276731C} No Task File <==== ATTENTION
Task: {5279F69B-9D40-4913-9505-511F29BFC7A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {528AC02D-D334-4AB8-BD2B-78F8F839DA58} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2013-08-19] (File Type Advisor)
Task: {6435EE6F-CDC5-4CD0-A969-A9BB3C9BE48F} - \GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core No Task File <==== ATTENTION
Task: {67349CB0-9F9D-4F4D-AC84-0B4FBDCE1198} - System32\Tasks\{7B007186-814F-435A-A7CD-69CD63A1639D} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {696BF4F8-729D-4608-B342-9C85321BA971} - System32\Tasks\ASC8_SkipUac_User => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit)
Task: {6B075062-6B5A-4E41-A30C-F0042246B8F0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {6B0E942B-0495-4EF7-AEDD-9569A16DA9FB} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: {6CC9CD40-24B3-437D-A95F-AA42A7ED2179} - System32\Tasks\{4F269D7E-F484-4872-B125-69A22B1D578E} => D:\dx7ager.exe
Task: {74458643-781C-4690-A8D0-792BAAAB7F6F} - System32\Tasks\FileAdvisorCheck => C:\Program Files\File Type Advisor\file-type-advisor.exe [2013-08-19] (filetypeadvisor.com                                         )
Task: {7EB660CE-8E8C-4552-9102-38BF0F931FB6} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {7FE76F22-AFA4-4FA4-8DAC-DF486E0A0A7C} - System32\Tasks\{8D186181-64A7-4DE8-BF9E-56CE8C036859} => pcalua.exe -a C:\Users\User\Downloads\MostFun-TriJinx.exe -d C:\Users\User\Downloads
Task: {84C33C9B-2486-4F46-A898-F1A14640A101} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {8684D3B5-3133-4FC4-9DA0-BDD6DC8C6D65} - System32\Tasks\{6B96F45F-3BA0-4757-B275-DF5FD615EF3E} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
Task: {86908A13-EF76-44A2-9128-6CB4E28B1C03} - System32\Tasks\{D8D22849-AEE6-403E-8BF2-E57B7BAECE7E} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {8B1D7F29-DEAE-4408-B06A-D4E32ED49061} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {8D439F5F-3404-43D0-946A-B5E3B04868E8} - System32\Tasks\{D5600665-28E8-4C8B-8689-40461E7213A5} => pcalua.exe -a C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe -d C:\Users\User\Desktop\Desktop_Icons
Task: {8EB924C6-7440-4431-B478-7347952D07C2} - System32\Tasks\{A4285F0B-0CAB-49D5-AE51-D915A239085A} => pcalua.exe -a C:\Users\User\Downloads\MostFun-AliceGreenfingers.exe -d "C:\Program Files\Mozilla Firefox"
Task: {8ED4C510-AC55-4E81-BAFE-7E14E3057FC3} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {93DA04AE-DC95-41E6-88E1-CC5D550726C6} - System32\Tasks\{963698A4-DBC2-4787-B04A-F72E38679091} => D:\Setup.exe
Task: {9532703A-89D8-44B9-A93F-57991BCF286E} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {9CA3ADEB-1C25-4519-BBCA-2A2562FA1216} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E49D608-F3BB-45C4-9E13-96A265C87178} - System32\Tasks\{20E7AAFF-D1D3-44EE-9C61-EC536F1301A4} => pcalua.exe -a C:\Users\User\Downloads\Shockwave_Installer_Slim(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {A0EF1356-998E-4904-81C0-8B04180F6F8C} - System32\Tasks\{37CBC58E-1076-4FF5-B7E8-70E8F2C90ACF} => pcalua.exe -a D:\dx7ager.exe -d D:\
Task: {A0FFA0F9-D5C1-43EB-B9EC-E86857BBCBF8} - System32\Tasks\{F23DC048-0487-44E4-B4BA-8AB1816562FF} => D:\dx7ager.exe
Task: {A8069E3F-77A5-4732-BD5F-ABE150C2BD9D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {A846F772-2615-4772-9EFC-EEAAFF0E705B} - System32\Tasks\{7609A13F-987A-42CF-ACD7-2B486192D64D} => Chrome.exe http://ui.skype.com/...eligiblebrowser
Task: {ADB2CC34-8CD4-4D85-95F3-11A399EDD93A} - System32\Tasks\Uninstaller_SkipUac_User => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-02-25] (IObit)
Task: {B30EFF16-BF79-4529-B48E-CDD4CEE47AF6} - System32\Tasks\{49BD601D-4EF8-4212-A8CB-721025105856} => C:\Program Files\MostFun\HeroesofHellas\game.exe
Task: {BB56D7FE-84FE-4430-9291-DE31702A45EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {C2F37DB4-70B3-4512-A59C-D87535D45802} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {C39DC1AB-CEF4-4CA6-8759-5AD31AD313A0} - System32\Tasks\{44697339-8CD4-4D87-AC9E-B1FB6795CEBB} => pcalua.exe -a C:\Users\User\Desktop\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Desktop
Task: {D2DC7330-6327-44D8-BC2F-7EB0D2699C25} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
Task: {D642B505-8B33-4423-808B-6FC0A013B9DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-25] (Adobe Systems Incorporated)
Task: {D66CDB5C-EE69-418D-9BCE-AA81BA27D69F} - System32\Tasks\{3C9EE13C-A6BE-44EA-90B1-CDB1D5FE6C83} => D:\dx7ager.exe
Task: {D8BF779F-02BC-43F1-AFBC-B2FEF2E06E36} - System32\Tasks\Real Player online update program => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {D9A2CB5D-65DA-4E56-92CC-7EA4A64D5E81} - System32\Tasks\{0547064D-DEF4-4974-9118-363654A9FDA8} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {DCE555C0-C6A0-45C3-BAE9-7B8FAA34A6E5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {DE22063C-A5B8-4A63-9AAC-7A4947C1E411} - \RunAsStdUser Task No Task File <==== ATTENTION
Task: {E14314B3-F4B7-4EFB-BC2F-BFB05FD985CB} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {E1737EB2-A2E7-44F7-AB6D-D8713A98973C} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-21] (Siber Systems)
Task: {E6131A85-C447-4BC1-BE9C-FAC5157B9457} - System32\Tasks\{64C5F840-75C7-476C-85CE-6FAC09218037} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
Task: {EA576C5D-754E-45F2-BFAF-EFC358395475} - System32\Tasks\{97A61C17-B5EE-4468-AEF4-97888E1CCB8F} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {EA96CC01-11E3-44A1-B5A6-9112ABA2652C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: {EDC6164A-1E23-4EDB-A508-1AD325B14F84} - System32\Tasks\{4448998A-9201-4534-B754-A54F4161D074} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {F691F962-614B-4E3E-9D4E-A9309806F902} - System32\Tasks\{0CFBB036-AB2E-4437-820E-C84B27A05FC1} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {F7238D14-03C3-4409-894F-EB4AB00D19DC} - System32\Tasks\{708C0D35-1D80-41A6-9694-791D05EF6EC4} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
Task: {F75141E0-2799-41D1-B0E0-66B9E160BE81} - System32\Tasks\{5DF228DD-88D3-4B83-9E2A-E0C4819A0295} => pcalua.exe -a C:\Users\User\Desktop\dips64-setup.exe -d C:\Users\User\Desktop
Task: {F8F96CEA-F891-46FA-8E7D-890713D1D97A} - System32\Tasks\{20D88817-FDC1-42D6-982E-15A872542E55} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
Task: {FAC084F0-4C38-409D-80A1-37C4956E9370} - System32\Tasks\{BFD45D47-291B-4732-B969-BBA93DA76939} => C:\AeriaGames\EdenEternal\aeria_launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-25 21:21 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2014-08-01 14:08 - 2014-08-01 14:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-02-26 16:38 - 2015-02-26 16:38 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022600\algo.dll
2011-11-21 19:59 - 2011-10-03 19:59 - 00027976 _____ () C:\Windows\System32\solidlocalmon.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2014-05-17 01:37 - 2014-05-17 01:37 - 00506664 _____ () C:\Program Files\Hotspot Shield\bin\HssRep.dll
2014-05-16 23:34 - 2014-05-16 23:34 - 00430344 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
2015-02-25 21:21 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-02-25 21:21 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-02-25 21:21 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-08-01 14:08 - 2014-08-01 14:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2015-02-25 21:21 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-26 16:40 - 2015-02-26 16:40 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf7ezu_.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Desktop\Zeugnis-Monika-Spiegel-2.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Downloads\poppy pic.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4165335087-975643669-458432890-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk => C:\Windows\pss\OfficeSAS.lnk.CommonStartup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Amazon Music => "C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => c:\program files\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BCSSync => "c:\program files\microsoft office\office14\bcssync.exe" /delayservices
MSCONFIG\startupreg: DivXMediaServer => c:\program files\divx\divx media server\divxmediaserver.exe
MSCONFIG\startupreg: DivXUpdate => "c:\program files\divx\divx update\divxupdate.exe" /checknow
MSCONFIG\startupreg: FreeRAM XP => "c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe" -win
MSCONFIG\startupreg: GameXN GO => "c:\programdata\gamexn\gamexngo.exe" /startup
MSCONFIG\startupreg: KiesPreload => c:\program files\samsung\kies\kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => c:\program files\samsung\kies\kiestrayagent.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "c:\program files\quicktime alternative\qttask.exe" -atboottime
MSCONFIG\startupreg: Screen Highlighter => C:\Program Files\Screen Highlighter\shl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4165335087-975643669-458432890-500 - Administrator - Disabled)
Guest (S-1-5-21-4165335087-975643669-458432890-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4165335087-975643669-458432890-1002 - Limited - Enabled)
User (S-1-5-21-4165335087-975643669-458432890-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: adfs
Description: adfs
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: adfs
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2015 04:37:52 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 04:36:29 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 04:36:29 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 03:25:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/26/2015 03:14:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/26/2015 02:11:28 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 00:40:55 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 00:40:55 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid


System errors:
=============
Error: (02/26/2015 04:40:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/26/2015 04:40:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (02/26/2015 04:38:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/26/2015 04:37:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (02/26/2015 03:42:58 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (02/26/2015 03:42:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (02/26/2015 03:42:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (02/26/2015 03:42:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (02/26/2015 03:42:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (02/26/2015 03:42:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (02/26/2015 04:37:52 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 04:36:29 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 04:36:29 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 03:25:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\keyscrambler\x64\KeyScrambler.exe

Error: (02/26/2015 03:14:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\keyscrambler\x64\KeyScrambler.exe

Error: (02/26/2015 02:11:28 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 00:40:55 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 00:40:55 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid


==================== Memory info ===========================

Processor: AMD Athlon™ II P320 Dual-Core Processor
Percentage of memory in use: 57%
Total physical RAM: 1786.9 MB
Available physical RAM: 751.36 MB
Total Pagefile: 3573.8 MB
Available Pagefile: 2255.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.73 GB) (Free:131.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: () (Fixed) (Total:73.36 GB) (Free:59.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4C3F8CFC)
Partition 1: (Active) - (Size=224.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#90
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

VEW  System log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/02/2015 17:24:56

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/02/2015 15:40:15
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 26/02/2015 15:40:15
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 26/02/2015 15:38:44
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/02/2015 15:37:42
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The adfs service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 26/02/2015 14:42:58
Type: Error Category: 0
Event: 14 Source: volsnap
The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Log: 'System' Date/Time: 26/02/2015 14:42:33
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 26/02/2015 14:42:33
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 26/02/2015 14:42:33
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 26/02/2015 14:42:33
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 26/02/2015 14:42:33
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 26/02/2015 14:42:33
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 26/02/2015 13:13:34
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 26/02/2015 13:13:34
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 26/02/2015 13:10:34
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The adfs service failed to start due to the following error:  The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/02/2015 15:37:30
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 26/02/2015 15:36:45
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/02/2015 15:36:34
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 26/02/2015 13:10:37
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 26/02/2015 11:40:58
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP