
Computer hacked



#106
janji

    Member

  • Topic Starter
  • Member
  • 210 posts

Windows Live Essentials doesn't let me uninstall it. There's a message saying "Please wait until current programme is finished uninstalling" while there is no other uninstall in progress.


  • 0



#107
janji

    Member

  • Topic Starter
  • Member
  • 210 posts

VEW log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/02/2015 17:29:14

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/02/2015 16:18:08
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 27/02/2015 16:18:08
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 27/02/2015 16:17:22
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 27/02/2015 16:15:37
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Log: 'System' Date/Time: 27/02/2015 16:15:37
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Log: 'System' Date/Time: 27/02/2015 16:15:37
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942523.

 


 


  • 0

#108
janji

    Member

  • Topic Starter
  • Member
  • 210 posts

VEW application:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/02/2015 17:33:17

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#109
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

We are getting errors from Task Scheduler.  Usually this is caused by a task not being removed when the program was removed so I'm going to have FRST get rid of a lot of tasks that I do not think are critical.  I may break a game or two but you can always reinstall them.

 

 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 

 

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
Let's check Process Explorer and see how we are doing:
 
You may still have it - no need to download it again if you do:
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
 

 


  • 0
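Added example, not part of the original thread: a small parser for the VEW report layout posted in #107 that counts repeated events and decodes the Task Scheduler "Error Value" as an HRESULT. The sample text is constructed from entries of that report, and the `WIN32_NAMES` table is a small subset of winerror.h chosen for this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the VEW report from post #107.
SAMPLE_VEW = """\
Log: 'System' Date/Time: 27/02/2015 16:18:08
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 27/02/2015 16:15:37
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Log: 'System' Date/Time: 27/02/2015 16:15:37
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Log: 'System' Date/Time: 27/02/2015 16:15:37
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942523.
"""

# One VEW entry: three header lines, then a free-text message up to the next entry.
ENTRY_RE = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>\S+ \S+)\s*\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)\s*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>.*?)(?=\n\s*\nLog: |\Z)",
    re.DOTALL,
)
ERROR_VALUE_RE = re.compile(r"Error Value: (\d+)")

FACILITY_WIN32 = 7
# Subset of Win32 error codes from winerror.h (chosen for this example).
WIN32_NAMES = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    123: "ERROR_INVALID_NAME",
}


def decode_hresult(value):
    """Split a decimal HRESULT into severity bit, facility (11 bits) and code (16 bits)."""
    value &= 0xFFFFFFFF
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),
        "facility": facility,
        "code": code,
        "name": name,
    }


def parse_vew(text):
    """Return one dict per VEW entry, with any 'Error Value' decoded."""
    entries = []
    for match in ENTRY_RE.finditer(text):
        entry = match.groupdict()
        entry["event"] = int(entry["event"])
        entry["source"] = entry["source"].strip()
        entry["message"] = " ".join(entry["message"].split())
        found = ERROR_VALUE_RE.search(entry["message"])
        entry["hresult"] = decode_hresult(int(found.group(1))) if found else None
        entries.append(entry)
    return entries


def summarize(entries):
    """Group entries by (source, event id), most frequent first."""
    counts = Counter((e["source"], e["event"]) for e in entries)
    errors = {}
    for e in entries:
        if e["hresult"]:
            label = e["hresult"]["name"] or e["hresult"]["hex"]
            errors.setdefault((e["source"], e["event"]), set()).add(label)
    return [
        {"source": s, "event": ev, "count": n, "errors": sorted(errors.get((s, ev), ()))}
        for (s, ev), n in counts.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(parse_vew(SAMPLE_VEW)):
        print(row)
```

The value 2147942523 is 0x8007007B: a failure HRESULT in the Win32 facility carrying error 123, which winerror.h names ERROR_INVALID_NAME.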

#110
janji

    Member

  • Topic Starter
  • Member
  • 210 posts

After I applied the Fix, the computer shut down with a blue screen, saying that an error has occurred and Windows shut down to save etc.
I've started it back up in Safe mode, what should I do now?


  • 0

#111
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
 
Download BlueScreenView
 
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.
 
Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

  • 0

#112
janji

    Member

  • Topic Starter
  • Member
  • 210 posts

Should I do a System Restore first? I can't get at the internet in Safe Mode.


  • 0

#113
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Try Safe Mode with Networking.  If that doesn't work then you can do a system restore.


  • 0

#114
janji

    Member

  • Topic Starter
  • Member
  • 210 posts

BSOD.report:
==================================================
Dump File         : 022715-20888-01.dmp
Crash Time        : 2/27/2015 18:35:32
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0x842d26a4
Parameter 2       : 0x000000ff
Parameter 3       : 0x00000001
Parameter 4       : 0xa54df72a
Caused By Driver  : halmacpi.dll
Caused By Address : halmacpi.dll+5ba9
File Description  : Hardware Abstraction Layer DLL
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+40b7f
Stack Address 1   : windrvNT.sys+72a
Stack Address 2   : windrvNT.sys+10af
Stack Address 3   : ntkrnlpa.exe+1c6c62
Computer Name     :
Full Path         : C:\Windows\Minidump\022715-20888-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 143,352
Dump File Time    : 2/27/2015 18:36:47
==================================================

==================================================
Dump File         : 102214-20451-01.dmp
Crash Time        : 10/22/2014 14:16:52
Bug Check String  : KERNEL_DATA_INPAGE_ERROR
Bug Check Code    : 0x0000007a
Parameter 1       : 0xc059e500
Parameter 2       : 0xc0000185
Parameter 3       : 0x2a9028c0
Parameter 4       : 0xb3ca00c8
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+ded7c
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18700 (win7sp1_gdr.141211-1742)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+ded7c
Stack Address 1   : ntkrnlpa.exe+a3307
Stack Address 2   : ntkrnlpa.exe+a6be9
Stack Address 3   : ntkrnlpa.exe+90300
Computer Name     :
Full Path         : C:\Windows\Minidump\102214-20451-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 149,584
Dump File Time    : 10/22/2014 14:17:56
==================================================

 


  • 0

#115
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

It's odd.  It claims the windrvNT.sys is causing the problem but we just removed it (we killed it off once before the update problem and it didn't hurt anything.)  Right click on Computer and select Manage then Device manager.  View, Show hidden devices.  Now look in the right pane for windrvNT.  It will probably be  a sub device of Non Plug and play devices so click on the plus in front of it.  There may be a yellow flag next to it.  Right click on windrvNT and Uninstall or Delete.  Reboot into regular mode and see if it works.


  • 0



#116
janji

    Member

  • Topic Starter
  • Member
  • 210 posts

Ok, done it but there was no yellow flag next to windrvNT, computer started normally.


  • 0

#117
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Great.  Looks like FRST has some problem getting rid of it but it shouldn't bother us any more.  Can we do a FRST scan and also Process Explorer?


  • 0

#118
janji

    Member

  • Topic Starter
  • Member
  • 210 posts

FRST addition:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015 01
Ran by User at 2015-02-27 20:41:45
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Sticky Notes (HKLM\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AGEIA PhysX v2.6.0 (HKLM\...\{582876EC-A178-44D4-9823-C10D6C62EAFF}) (Version: 2.6.0.4 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{121A3F18-E386-B7EF-CEEB-32864884E594}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
AVG 2013 (HKLM\...\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}) (Version: 13.0.2741 - AVG Technologies)
AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Deep Space Nine  The Fallen (HKLM\...\{783E0AD7-C128-4398-9F74-99D3EFF2875D}) (Version:  - )
Desktop Icon Position Saver (64-bit) (HKLM\...\dips64) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter Studio 8.2 (HKLM\...\Free YouTube to MP3 Converter Studio_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\HappyCloud) (Version: 3.72 - Happy Cloud, Inc.)
Hotspot Shield 3.42 (HKLM\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
K-Lite Mega Codec Pack 5.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MostFun.com Games - Super Granny 4 (remove only) (HKLM\...\MostFun.com Games - Super Granny 4) (Version: 3.4.16.27 - )
Mozilla Firefox 36.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 36.0 (x86 en-GB)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\MyFreeCodec) (Version:  - )
Nero 8 Essentials (HKLM\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
Opera Stable 22.0.1471.50 (HKU\.DEFAULT\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
Opera Stable 23.0.1522.60 (HKLM\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
Opera Stable 27.0.1689.66 (HKLM\...\Opera 27.0.1689.66) (Version: 27.0.1689.66 - Opera Software ASA)
Opera Stable 27.0.1689.76 (HKLM\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PixBuilder Studio 2.2.0 (HKLM\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version:  - WnSoft)
Qualcomm Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTime Alternative 2.9.2 (HKLM\...\QuicktimeAlt_is1) (Version: 2.9.2 - )
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
RoboForm 7-9-11-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Screen Highlighter 1.0 (HKLM\...\Screen Highlighter_is1) (Version:  - Harmony Hollow Software)
Screencast-O-Matic (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Secunia PSI (3.0.0.9015) (HKLM\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.8 - IObit)
SolidPDFCreator (HKLM\...\{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}) (Version: 7.1.879.0 - SolidDocuments)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
SPEEDLINK Strike 2 Gamepad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Spotify (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Stay On Top (HKLM\...\{5C6C0192-BA75-4932-8931-B2FF88346E49}) (Version: 1.0.0 - J. Eric Vaughan)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Super Granny 4 (Version: 3.4.16.27 - Sandlot) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1012 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VS10RuntimeWin32 (Version: 1.0.0 - immunet) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
ZTE Handset USB Driver 5.2066.1.8B02 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.8B02 - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

26-02-2015 16:00:27 Windows Update
27-02-2015 16:49:29 Removed AVG 2013
27-02-2015 16:52:10 Removed Facebook Video Calling 1.2.0.287
27-02-2015 16:53:45 Removed WebCam Companion
27-02-2015 16:55:37 Removed Bonjour

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-01-31 13:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02345B74-772A-44F8-A563-F33F7F68A837} - System32\Tasks\{FBC71A6A-8D24-4264-8D8B-660359524319} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {041FCAE9-E352-431F-AD25-C26D4623EB5F} - System32\Tasks\{1F529A44-4E7F-4EEB-9387-B009EA33FE4D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {07F84AF2-E58C-4301-8826-B096055D02D9} - System32\Tasks\{B89786A5-2A46-4517-B0E7-508247CF0832} => pcalua.exe -a C:\Users\User\Downloads\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Downloads
Task: {0DCD5759-D02C-4EB7-BC32-41D7D06D35EA} - System32\Tasks\{C0CCC3A8-5FC2-4086-A869-3E21F7C524E9} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {1C8D0C93-7DAB-4682-8789-8366FB00127C} - System32\Tasks\{A0E4CF2F-63B1-4231-85A6-214419F70C0E} => pcalua.exe -a C:\Users\User\Desktop\StayOnTopSetup\setup.exe -d C:\Users\User\Desktop\StayOnTopSetup
Task: {1CB5B6C4-90E4-45C9-9496-17458C2181AD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1ECD887F-0104-4DD7-A710-9C5395C6A951} - System32\Tasks\{4EEFC9EF-F5CB-4779-ACE9-E6E142F3A2A7} => pcalua.exe -a C:\Users\User\Downloads\StickMen2.exe -d C:\Users\User\Downloads
Task: {1FFB5CAB-D0C8-4971-A6C6-52243A608C52} - System32\Tasks\{B0A60467-7396-4B3F-9092-61133D6E365D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {29A3B4DA-2552-4B1B-AC98-0DAA160CD171} - System32\Tasks\{E06706D7-83A8-4D3F-A875-DC73898C373C} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {342242AF-68DC-48E8-BAD2-FCF35B2790C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {45530A69-1F35-4D06-B41F-94B1594EDF7E} - System32\Tasks\{9A8EB359-4F7E-4308-9493-BB15F09E0C58} => C:\Program Files\MostFun\HeroesofHellas\game.exe
Task: {45EF2C7E-71D1-4ED0-A13A-1BF2A768DBCB} - System32\Tasks\{DC4EA453-4ECE-4831-96CD-7EE3A2282ADC} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {4AAB2EDD-0C71-45BA-B6F5-F8234615B974} - System32\Tasks\Opera scheduled Autoupdate 1424897303 => C:\Program Files\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {5279F69B-9D40-4913-9505-511F29BFC7A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {67349CB0-9F9D-4F4D-AC84-0B4FBDCE1198} - System32\Tasks\{7B007186-814F-435A-A7CD-69CD63A1639D} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {6B075062-6B5A-4E41-A30C-F0042246B8F0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {7FE76F22-AFA4-4FA4-8DAC-DF486E0A0A7C} - System32\Tasks\{8D186181-64A7-4DE8-BF9E-56CE8C036859} => pcalua.exe -a C:\Users\User\Downloads\MostFun-TriJinx.exe -d C:\Users\User\Downloads
Task: {8684D3B5-3133-4FC4-9DA0-BDD6DC8C6D65} - System32\Tasks\{6B96F45F-3BA0-4757-B275-DF5FD615EF3E} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
Task: {86908A13-EF76-44A2-9128-6CB4E28B1C03} - System32\Tasks\{D8D22849-AEE6-403E-8BF2-E57B7BAECE7E} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {8B1D7F29-DEAE-4408-B06A-D4E32ED49061} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {8D439F5F-3404-43D0-946A-B5E3B04868E8} - System32\Tasks\{D5600665-28E8-4C8B-8689-40461E7213A5} => pcalua.exe -a C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe -d C:\Users\User\Desktop\Desktop_Icons
Task: {8EB924C6-7440-4431-B478-7347952D07C2} - System32\Tasks\{A4285F0B-0CAB-49D5-AE51-D915A239085A} => pcalua.exe -a C:\Users\User\Downloads\MostFun-AliceGreenfingers.exe -d "C:\Program Files\Mozilla Firefox"
Task: {8ED4C510-AC55-4E81-BAFE-7E14E3057FC3} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9CA3ADEB-1C25-4519-BBCA-2A2562FA1216} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E49D608-F3BB-45C4-9E13-96A265C87178} - System32\Tasks\{20E7AAFF-D1D3-44EE-9C61-EC536F1301A4} => pcalua.exe -a C:\Users\User\Downloads\Shockwave_Installer_Slim(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {A8069E3F-77A5-4732-BD5F-ABE150C2BD9D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {A846F772-2615-4772-9EFC-EEAAFF0E705B} - System32\Tasks\{7609A13F-987A-42CF-ACD7-2B486192D64D} => Chrome.exe http://ui.skype.com/...eligiblebrowser
Task: {B30EFF16-BF79-4529-B48E-CDD4CEE47AF6} - System32\Tasks\{49BD601D-4EF8-4212-A8CB-721025105856} => C:\Program Files\MostFun\HeroesofHellas\game.exe
Task: {BB56D7FE-84FE-4430-9291-DE31702A45EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {C2F37DB4-70B3-4512-A59C-D87535D45802} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {C39DC1AB-CEF4-4CA6-8759-5AD31AD313A0} - System32\Tasks\{44697339-8CD4-4D87-AC9E-B1FB6795CEBB} => pcalua.exe -a C:\Users\User\Desktop\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Desktop
Task: {D2DC7330-6327-44D8-BC2F-7EB0D2699C25} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
Task: {D642B505-8B33-4423-808B-6FC0A013B9DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-25] (Adobe Systems Incorporated)
Task: {D8BF779F-02BC-43F1-AFBC-B2FEF2E06E36} - System32\Tasks\Real Player online update program => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {D9A2CB5D-65DA-4E56-92CC-7EA4A64D5E81} - System32\Tasks\{0547064D-DEF4-4974-9118-363654A9FDA8} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {DCE555C0-C6A0-45C3-BAE9-7B8FAA34A6E5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E1737EB2-A2E7-44F7-AB6D-D8713A98973C} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-21] (Siber Systems)
Task: {E6131A85-C447-4BC1-BE9C-FAC5157B9457} - System32\Tasks\{64C5F840-75C7-476C-85CE-6FAC09218037} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
Task: {EA576C5D-754E-45F2-BFAF-EFC358395475} - System32\Tasks\{97A61C17-B5EE-4468-AEF4-97888E1CCB8F} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {EA96CC01-11E3-44A1-B5A6-9112ABA2652C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: {EDC6164A-1E23-4EDB-A508-1AD325B14F84} - System32\Tasks\{4448998A-9201-4534-B754-A54F4161D074} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {F691F962-614B-4E3E-9D4E-A9309806F902} - System32\Tasks\{0CFBB036-AB2E-4437-820E-C84B27A05FC1} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {F7238D14-03C3-4409-894F-EB4AB00D19DC} - System32\Tasks\{708C0D35-1D80-41A6-9694-791D05EF6EC4} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
Task: {F75141E0-2799-41D1-B0E0-66B9E160BE81} - System32\Tasks\{5DF228DD-88D3-4B83-9E2A-E0C4819A0295} => pcalua.exe -a C:\Users\User\Desktop\dips64-setup.exe -d C:\Users\User\Desktop
Task: {F8F96CEA-F891-46FA-8E7D-890713D1D97A} - System32\Tasks\{20D88817-FDC1-42D6-982E-15A872542E55} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
Task: {FAC084F0-4C38-409D-80A1-37C4956E9370} - System32\Tasks\{BFD45D47-291B-4732-B969-BBA93DA76939} => C:\AeriaGames\EdenEternal\aeria_launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-01 14:08 - 2014-08-01 14:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-02-27 12:09 - 2015-02-27 12:09 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022700\algo.dll
2011-11-21 19:59 - 2011-10-03 19:59 - 00027976 _____ () C:\Windows\System32\solidlocalmon.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2009-10-24 20:17 - 2007-09-21 02:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2014-05-17 01:37 - 2014-05-17 01:37 - 00506664 _____ () C:\Program Files\Hotspot Shield\bin\HssRep.dll
2014-05-16 23:34 - 2014-05-16 23:34 - 00430344 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
2014-08-01 14:08 - 2014-08-01 14:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-10-17 00:23 - 2014-10-17 00:23 - 00184320 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\086a6d7a1b67ee702557defcde5f85b5\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-10-17 02:09 - 2014-10-17 02:09 - 17553920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\b863b058df2bc3ba024231c9ff597138\Kies.Theme.ni.dll
2014-10-17 00:23 - 2014-10-17 00:23 - 01792000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\b07928f0c453603bea895b4ce2ee168d\Kies.UI.ni.dll
2014-10-17 00:23 - 2014-10-17 00:23 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\f1de49400c4567d381ba7e17b1b9c52a\Kies.MVVM.ni.dll
2014-10-17 02:09 - 2014-10-17 02:09 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll
2014-11-03 14:49 - 2014-10-15 06:35 - 06281024 _____ () C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-27 20:29 - 2015-02-27 20:29 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph1cl0q.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Desktop\Zeugnis-Monika-Spiegel-2.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Downloads\poppy pic.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4165335087-975643669-458432890-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4165335087-975643669-458432890-500 - Administrator - Disabled)
Guest (S-1-5-21-4165335087-975643669-458432890-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4165335087-975643669-458432890-1002 - Limited - Enabled)
User (S-1-5-21-4165335087-975643669-458432890-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/27/2015 08:30:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/27/2015 08:30:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (02/27/2015 08:27:52 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (02/27/2015 08:27:52 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (02/27/2015 08:27:52 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942523.

Error: (02/27/2015 08:27:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/27/2015 08:26:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/27/2015 08:26:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/27/2015 08:26:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/27/2015 08:23:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon™ II P320 Dual-Core Processor
Percentage of memory in use: 83%
Total physical RAM: 1786.9 MB
Available physical RAM: 303.07 MB
Total Pagefile: 3573.8 MB
Available Pagefile: 1759.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.73 GB) (Free:131.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: () (Fixed) (Total:73.36 GB) (Free:59.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4C3F8CFC)
Partition 1: (Active) - (Size=224.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#119
janji

  • Topic Starter
  • Member
  • 210 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by User (administrator) on USER-PC on 27-02-2015 20:40:09
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Solid Documents, LLC) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Harmony Hollow Software) C:\Program Files\Screen Highlighter\shl.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
() C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(J. Eric Vaughan) C:\Program Files\Stay On Top\StayOnTop.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => c:\program files\common files\apple\apple application support\apsdaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BCSSync] => c:\program files\microsoft office\office14\bcssync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] => c:\program files\divx\divx media server\divxmediaserver.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => c:\program files\divx\divx update\divxupdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [KiesTrayAgent] => c:\program files\samsung\kies\kiestrayagent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Aeria Ignite] => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-21] (Siber Systems)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-18] (Spotify Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Screen Highlighter] => C:\Program Files\Screen Highlighter\shl.exe [643072 2013-12-20] (Harmony Hollow Software)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-27] (Microsoft Corporation)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [KiesPreload] => c:\program files\samsung\kies\kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [GameXN GO] => "c:\programdata\gamexn\gamexngo.exe" /startup
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [FreeRAM XP] => c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe [1591808 2012-11-27] (YourWare Solutions ™)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Amazon Music] => C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
ShortcutTarget: OfficeSAS.lnk -> C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stay On Top.lnk
ShortcutTarget: Stay On Top.lnk -> C:\Windows\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler: linkscanner - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default
FF Homepage: https://my.yahoo.com/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\searchplugins\google-images.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Clear Recent History... + - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-04]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
FF Extension: Double-click To Reload Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: FireRainbow - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Password Hasher - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-10-12]
FF Extension: Remove Cookies for Site - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-08-05]
FF Extension: Lightshot (screenshot tool) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-12-04]
FF Extension: AddThis - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-01-13]
FF Extension: New Tab King - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-10-15]
FF Extension: AmazonOnClick - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-29]
FF Extension: Duplicate This Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
FF Extension: Gmail panel - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-23]
FF Extension: AOL One Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-26]
FF Extension: Dictionary Extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-04]
FF Extension: Open in Private Browsing Mode - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-01-31]
FF Extension: Google™ Translator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-13]
FF Extension: LanguageToolFx - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Mail Preview - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-06]
FF Extension: Personas Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: RSS Icon in url bar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-03]
FF Extension: Simple White - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Simple Timer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Tabbed View Source - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Facebook Phishing Protector - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-10-09]
FF Extension: abcTajpu - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi [2014-08-05]
FF Extension: ProxTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-09-08]
FF Extension: Bluhell Firewall - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-06]
FF Extension: Google  Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2015-01-10]
FF Extension: MeasureIt - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-12-25]
FF Extension: Google Reverse Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2015-01-10]
FF Extension: Reload Tab On Double-Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}.xpi [2014-08-05]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-08-05]
FF Extension: QuickNote - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2015-02-03]
FF Extension: Search By Image (by Google) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2014-10-15]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-16]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2015-02-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-25]
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-25]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-03-11]
FF HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-04]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-04]
CHR Extension: (RoboForm) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-11]

Opera:
=======
OPR StartupUrls: "https://my.yahoo.com...s=X2CddkC8XgE&"
OPR Extension: (Facebook and Youtube Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbnaecmeebnefmbepifgdkllmgcnikmh [2014-09-21]
OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmbpnlkamenjkedgaedpjfdmjpldcjpj [2014-11-03]
OPR Extension: (MediaPlus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnoagnjlblajeghmbaejnfhekofbecd [2014-11-14]
OPR Extension: (Youtube to mp3 converter) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\geioidjhliialbjcekeejcodiahfplgb [2014-02-14]
OPR Extension: (Facebook, Youtube or any web site Unblocker) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcgpiijgdhilioddgebgegabcjgfgccj [2014-11-03]
OPR Extension: (Web Developer) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kddhmaadmaklcieonhggddempagbakph [2014-05-11]
OPR Extension: (Download Chrome Extension) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2014-02-13]
OPR Extension: (SiteNotes) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\leeaiockmjkojafakgpocdekmjnnpcpg [2014-02-13]
OPR Extension: (TVP.PL Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\lpbhfckilgccpclafjiapbcelgpfmjfa [2014-11-14]
OPR Extension: (Download YouTube Videos as MP4) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\maeombkgfpjdnjkhohbjachnnmpbipol [2014-03-19]
OPR Extension: (Amazon for Opera) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2015-02-05]
OPR Extension: (User CSS) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mncnlbhenhkojjdpjpbajnmmcdnlbkmp [2014-03-05]
OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\noigcpeehjnfkmkfgklkjlojbapbdcpg [2014-12-21]
OPR Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-02-13]
OPR Extension: (RoboForm) - C:\Program Files\Siber Systems\AI RoboForm\Opera [2014-03-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-22] (SUPERAntiSpyware.com)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2000-01-01] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
R2 SPDFCreatorReadSpool; C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [180552 2011-10-03] (Solid Documents, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-12-04] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3234304 2013-08-25] (Qualcomm Atheros Communications, Inc.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-22] (Avanquest Software) [File not signed]
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-07-20] (ManyCam LLC)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-26] ()
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
R2 windrvNT; C:\Windows\system32\windrvNT.sys [35363 2010-07-27] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 20:40 - 2015-02-27 20:41 - 00034121 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-27 19:18 - 2015-02-27 19:21 - 00000000 ____D () C:\Users\User\Desktop\bluescreenview
2015-02-27 19:18 - 2015-02-27 19:18 - 00067310 _____ () C:\Users\User\Desktop\bluescreenview.zip
2015-02-27 18:36 - 2015-02-27 18:36 - 00143352 _____ () C:\Windows\Minidump\022715-20888-01.dmp
2015-02-26 19:14 - 2015-02-26 19:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-26 19:09 - 2015-02-26 19:09 - 00000925 _____ () C:\Users\User\Desktop\SpeedFan.lnk
2015-02-26 17:20 - 2015-02-26 17:20 - 00061440 _____ ( ) C:\Users\User\Desktop\VEW(1).exe
2015-02-25 22:14 - 2015-02-25 22:14 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-02-25 22:06 - 2015-02-27 20:39 - 00000000 ____D () C:\Users\User\Desktop\New folder
2015-02-25 21:48 - 2015-02-25 21:48 - 00001053 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-02-25 21:48 - 2015-02-25 21:48 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-25 21:38 - 2015-02-25 21:38 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-02-25 21:20 - 2015-02-25 21:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\ProductData
2015-02-25 21:19 - 2015-02-25 21:22 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-25 21:19 - 2015-02-25 21:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\IObit
2015-02-25 21:19 - 2015-02-25 21:19 - 00000000 ____D () C:\Users\User\AppData\IObit
2015-02-25 20:19 - 2015-02-25 20:19 - 00000000 ____D () C:\Windows\system32\config\temp
2015-02-24 15:26 - 2015-02-24 15:39 - 00000000 ____D () C:\Windows\system32\config\backup
2015-02-13 15:55 - 2015-02-26 19:09 - 00000045 _____ () C:\Windows\system32\initdebug.nfo
2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-02-13 00:46 - 2015-02-13 00:46 - 23308373 _____ () C:\Users\User\Desktop\Sister in Danger - SIMPONI (Music Syndicate of Earth Dwellers) @simponii.mp4
2015-02-12 18:53 - 2015-02-12 18:53 - 00000610 _____ () C:\junk.txtnotepad
2015-02-12 18:50 - 2015-02-12 19:35 - 00006292 _____ () C:\junk.txt
2015-02-11 12:44 - 2015-02-11 12:44 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-02-10 21:06 - 2015-02-10 21:06 - 00027517 _____ () C:\ComboFix.txt
2015-02-10 20:46 - 2015-02-10 21:06 - 00000000 ____D () C:\Qoobox
2015-02-10 20:23 - 2015-02-27 14:03 - 00000000 ____D () C:\Program Files\SpeedFan
2015-02-10 20:23 - 2015-02-26 19:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-02-10 20:01 - 2015-02-10 20:09 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-10 18:30 - 2015-02-11 21:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-10 17:26 - 2015-02-27 17:33 - 00000359 _____ () C:\VEW.txt
2015-02-10 17:24 - 2015-02-10 17:24 - 00061440 _____ ( ) C:\Users\User\Desktop\VEW.exe
2015-02-10 16:55 - 2015-02-10 16:55 - 00650392 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\autoruns.exe
2015-02-10 14:12 - 2015-02-27 20:40 - 00000000 ____D () C:\FRST
2015-02-10 14:11 - 2015-02-25 22:14 - 01127424 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-02-10 13:59 - 2015-02-10 13:59 - 01388274 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-02-10 13:38 - 2015-02-10 13:38 - 02112512 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\ProgramData\ATI
2015-02-09 21:06 - 2015-02-09 21:06 - 00006222 _____ () C:\Windows\DPINST.LOG
2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\DIFX
2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\AMD
2015-02-09 21:06 - 2009-12-22 02:26 - 00030392 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-02-09 21:05 - 2015-02-09 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-02-09 12:17 - 2015-02-09 12:17 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2015-02-09 12:02 - 2015-02-09 20:53 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2015-02-09 11:52 - 2010-02-05 09:50 - 03013344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-09 11:52 - 2010-02-05 09:50 - 02622496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 01640992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-09 11:52 - 2010-02-05 09:50 - 00371232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00357576 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00168648 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00145760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00096160 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00062664 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00057376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00000712 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hp
2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-09 00:13 - 2015-02-09 00:13 - 08998130 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rains A-Gonna Fall Official - YouTube.mp4
2015-02-07 15:04 - 2015-02-07 15:05 - 08749661 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rain's A-Gonna Fall [Official].mp4
2015-02-06 22:33 - 2015-02-06 22:33 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-06 22:33 - 2015-02-06 22:33 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-06 22:01 - 2015-02-27 13:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-05 01:40 - 2015-02-05 01:40 - 15795631 _____ () C:\Users\User\Desktop\Hollywood Undead - Outside (Official Lyric Video).mp4
2015-02-05 01:31 - 2015-02-05 01:32 - 20690486 _____ () C:\Users\User\Desktop\Jes Ebrahim - Keamanan (Promo MV).mp4
2015-02-03 17:14 - 2015-02-03 17:16 - 3869692740 _____ () C:\Users\User\Documents\User-PcMediaIDbin.zip
2015-02-02 13:19 - 2015-02-02 13:19 - 182002016 _____ (Igor Pavlov) C:\Users\User\Downloads\nero7PremiumReloaded.exe
2015-02-02 01:08 - 2015-02-02 01:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\MMFApplications

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 20:39 - 2009-10-24 22:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-27 20:39 - 2009-10-24 19:57 - 01976159 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 20:35 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 20:35 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-27 20:29 - 2014-11-03 20:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-02-27 20:29 - 2013-05-20 19:46 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-27 20:29 - 2013-05-20 19:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-27 20:29 - 2009-10-24 22:23 - 00000000 ____D () C:\Users\User\Tracing
2015-02-27 20:27 - 2014-08-19 23:25 - 00018900 _____ () C:\Windows\setupact.log
2015-02-27 20:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 18:36 - 2014-10-22 14:17 - 226848308 _____ () C:\Windows\MEMORY.DMP
2015-02-27 18:36 - 2012-01-29 19:33 - 00000000 ____D () C:\Windows\Minidump
2015-02-27 17:15 - 2014-08-19 23:25 - 00040826 _____ () C:\Windows\PFRO.log
2015-02-27 16:55 - 2009-10-24 22:19 - 00000000 ____D () C:\Program Files\Common Files\ArcSoft
2015-02-27 16:54 - 2009-10-24 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-27 16:43 - 2011-01-01 11:58 - 00000000 ____D () C:\Program Files\IObit
2015-02-27 16:24 - 2010-03-16 04:41 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-02-27 16:24 - 2009-10-24 22:23 - 00000000 ____D () C:\Program Files\Yahoo!
2015-02-27 16:21 - 2009-10-24 22:36 - 00000000 ____D () C:\Windows\pss
2015-02-27 12:36 - 2014-03-09 00:18 - 00000000 ___RD () C:\Users\User\Desktop\new pics
2015-02-26 20:28 - 2009-10-24 22:53 - 00384248 _____ () C:\Windows\system32\prfh0804.dat
2015-02-26 20:28 - 2009-10-24 22:53 - 00119918 _____ () C:\Windows\system32\prfc0804.dat
2015-02-26 20:28 - 2009-10-24 20:05 - 02115974 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-26 19:13 - 2013-12-15 19:30 - 10366976 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-02-26 18:20 - 2012-07-14 23:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 16:38 - 2013-11-10 15:09 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-26 16:37 - 2009-07-14 05:33 - 02518864 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-26 16:36 - 2014-12-11 14:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-26 16:36 - 2014-05-06 21:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-26 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-02-26 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-25 23:20 - 2012-07-14 23:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-25 23:20 - 2012-07-14 23:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-25 21:53 - 2015-01-18 16:49 - 00000000 ____D () C:\Program Files\paint.net
2015-02-25 21:52 - 2012-07-29 18:03 - 00000000 ____D () C:\Program Files\Pale Moon
2015-02-25 21:48 - 2013-07-05 20:19 - 00000000 ____D () C:\Program Files\Opera
2015-02-25 21:21 - 2011-01-01 12:01 - 00000000 ____D () C:\ProgramData\IObit
2015-02-25 19:41 - 2012-05-17 17:50 - 00109696 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-13 20:29 - 2013-08-22 14:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-13 20:15 - 2011-11-21 17:38 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 20:10 - 2013-09-14 11:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileAdvisor
2015-02-13 19:11 - 2013-05-20 19:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 18:36 - 2014-12-17 17:51 - 00000000 ___RD () C:\Users\User\Desktop\BYE
2015-02-13 18:12 - 2015-01-12 14:50 - 00000000 ___RD () C:\Users\User\Desktop\scrapBYE
2015-02-13 18:11 - 2013-09-07 20:45 - 00097280 ____H () C:\Users\User\Desktop\photothumb.db
2015-02-12 20:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-12 20:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-12 18:21 - 2012-11-23 16:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-12 18:15 - 2014-03-23 00:31 - 00000000 ___RD () C:\Users\User\Desktop\Security
2015-02-11 21:39 - 2011-11-15 21:55 - 00000000 ____D () C:\Windows\ERDNT
2015-02-11 14:36 - 2013-12-18 20:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 14:35 - 2009-10-24 20:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 14:35 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 12:42 - 2013-12-04 00:12 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2015-02-10 17:42 - 2011-11-10 10:07 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-10 13:48 - 2013-09-13 20:10 - 00000000 ____D () C:\AdwCleaner
2015-02-09 21:05 - 2013-12-18 20:36 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-09 11:53 - 2013-11-10 15:49 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-09 11:53 - 2013-11-10 15:48 - 00000000 ___HD () C:\Program Files\Temp
2015-02-09 04:08 - 2014-07-16 08:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 22:43 - 2013-07-01 14:04 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 18:55 - 2015-01-18 21:32 - 00000000 ____D () C:\Users\User\Desktop\CafePress
2015-02-03 16:45 - 2013-09-05 13:10 - 00000000 ___RD () C:\Users\User\Desktop\friends;me
2015-02-03 16:42 - 2012-09-03 20:19 - 00000000 ___RD () C:\Users\User\Desktop\pics
2015-01-30 20:10 - 2012-09-03 20:17 - 00000000 ___RD () C:\Users\User\Desktop\family pics and recordings
2015-01-29 12:44 - 2009-10-24 20:42 - 00000000 ____D () C:\ProgramData\Temp

==================== Files in the root of some directories =======

2013-08-18 22:52 - 2013-09-30 11:14 - 0000115 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2013-08-18 22:52 - 2013-09-30 11:14 - 0000005 _____ () C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
2013-11-30 21:51 - 2014-05-11 15:41 - 0174615 _____ () C:\Users\User\AppData\Local\ars.cache
2013-11-30 21:52 - 2014-05-11 15:42 - 0362748 _____ () C:\Users\User\AppData\Local\census.cache
2012-07-16 20:40 - 2012-07-16 20:40 - 0027520 _____ () C:\Users\User\AppData\Local\dt.dat
2013-11-26 19:38 - 2013-11-26 19:38 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-01-18 15:32 - 2015-01-18 15:32 - 0003045 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2010-12-16 18:20 - 2010-12-16 18:20 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\User\jagex_cl_runescape_LIVE.dat
C:\Users\User\random.dat


Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph1cl0q.dll
C:\Users\User\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\User\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\User\AppData\Local\temp\Quarantine.exe
C:\Users\User\AppData\Local\temp\RSPUpgradeInstaller.exe
C:\Users\User\AppData\Local\temp\sfamcc00001.dll
C:\Users\User\AppData\Local\temp\sfareca00001.dll
C:\Users\User\AppData\Local\temp\sfextra.dll
C:\Users\User\AppData\Local\temp\SkypeSetup.exe
C:\Users\User\AppData\Local\temp\smt_mystartsearch.exe
C:\Users\User\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 14:55

==================== End Of Log ============================



#120
janji

  • Topic Starter

Process Explorer:

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    72.95    0 K    24 K    0            
firefox.exe    7.60    487,116 K    505,296 K    4644    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
procexp.exe    4.46    23,288 K    43,216 K    6128    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Skype.exe    4.38    107,764 K    123,272 K    4112    Skype     Skype Technologies S.A.    (Verified) Skype Software Sarl
Interrupts    2.48    0 K    0 K    n/a    Hardware Interrupts and DPCs        
System    2.08    52 K    1,020 K    4            
Dropbox.exe    1.78    72,244 K    93,936 K    5016    Dropbox    Dropbox, Inc.    (Verified) Dropbox
psia.exe    1.70    13,328 K    14,832 K    2168    Secunia PSI Agent    Secunia    (Verified) Secunia
dwm.exe    0.83    28,332 K    25,672 K    1732    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.36    2,124 K    12,060 K    512    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
robotaskbaricon.exe    0.22    10,412 K    18,704 K    4148    RoboForm TaskBar Icon    Siber Systems    (Verified) Siber Systems Inc
netsession_win.exe    0.22    6,412 K    11,864 K    3416    Akamai NetSession Client    Akamai Technologies, Inc.    (Verified) Akamai Technologies
Kies.exe    0.18    24,672 K    28,552 K    4364    Kies    Samsung    (A certificate was explicitly revoked by its issuer) Samsung
lsass.exe    0.12    3,072 K    7,536 K    576    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.11    28,880 K    41,476 K    1808    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.10    17,308 K    27,012 K    1084    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
hsswd.exe    0.08    2,352 K    4,412 K    352            (Verified) AnchorFree Inc
services.exe    0.06    3,580 K    7,812 K    552    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
AppleMobileDeviceService.exe    0.05    2,312 K    5,532 K    2008    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
svchost.exe    0.04    12,820 K    12,052 K    944    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
AvastSvc.exe    0.03    55,708 K    41,180 K    1440    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
AvastUI.exe    0.03    14,120 K    10,924 K    2308    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
SearchIndexer.exe    0.03    30,580 K    13,420 K    3600    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
iPodService.exe    0.02    1,628 K    4,448 K    3556    iPodService Module (32-bit)    Apple Inc.    (Verified) Apple Inc.
cmw_srv.exe    0.02    12,104 K    12,380 K    1504    Hotspot Shield 3.42    AnchorFree Inc.    (No signature was present in the subject) AnchorFree Inc.
wmpnetwk.exe    0.01    4,528 K    7,908 K    4548    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
CCleaner.exe    0.01    5,524 K    1,420 K    2824    CCleaner    Piriform Ltd    (Verified) Piriform Ltd
psi_tray.exe    0.01    904 K    3,604 K    4784    Secunia PSI Tray    Secunia    (Verified) Secunia
SASCORE.EXE    0.01    756 K    2,756 K    1924    Core Service    SUPERAntiSpyware.com    (Verified) SUPERAntiSpyware.com
dllhost.exe    0.01    4,664 K    7,008 K    3344    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    < 0.01    1,604 K    3,448 K    424    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    13,036 K    11,480 K    1296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    63,016 K    64,524 K    988    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
netsession_win.exe    < 0.01    2,536 K    4,680 K    3476    Akamai NetSession Client    Akamai Technologies, Inc.    (Verified) Akamai Technologies
iTunesHelper.exe    < 0.01    2,952 K    6,624 K    2508    iTunesHelper    Apple Inc.    (Verified) Apple Inc.
SynTPEnh.exe    < 0.01    7,132 K    8,204 K    2176    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Microsoft Windows Hardware Compatibility Publisher
WmiPrvSE.exe        6,068 K    9,956 K    2284    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        1,760 K    4,688 K    644    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        980 K    3,024 K    504    Windows Start-Up Application    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
unsecapp.exe        1,448 K    4,092 K    3976    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        1,204 K    3,972 K    2860    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
SynTPHelper.exe        608 K    2,188 K    2576    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe        3,908 K    6,400 K    824    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        35,784 K    13,600 K    2676    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        3,224 K    6,792 K    732    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        3,480 K    6,552 K    3700    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,924 K    4,240 K    3992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        9,740 K    11,288 K    1780    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,476 K    10,544 K    1024    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        1,572 K    3,764 K    1192    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        1,280 K    4,144 K    2624    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sua.exe        764 K    2,352 K    2140    Secunia Update Agent    Secunia    (Verified) Secunia
StayOnTop.exe        1,044 K    4,796 K    4824    Allows you to force windows to always stay on top of other windows.    J. Eric Vaughan    (No signature was present in the subject) J. Eric Vaughan
SpotifyWebHelper.exe        1,432 K    5,448 K    984    SpotifyWebHelper    Spotify Ltd    (Verified) Spotify AB
spoolsv.exe        4,908 K    7,036 K    1752    Spooler SubSystem App    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
SolidPdfService.exe        704 K    2,368 K    2592    Solid Spool Service    Solid Documents, LLC    (Verified) Solid Documents
smss.exe        268 K    756 K    304    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
shl.exe        6,068 K    12,616 K    4316        Harmony Hollow Software    (No signature was present in the subject) Harmony Hollow Software
NBService.exe        2,496 K    4,844 K    372    Nero BackItUp    Nero AG    (Verified) Nero AG
msnmsgr.exe        20,524 K    7,660 K    4344    Windows Live Messenger    Microsoft Corporation    (Verified) Microsoft Corporation
lsm.exe        1,572 K    3,216 K    584    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
KiesTrayAgent.exe        3,308 K    8,640 K    4084    Kies TrayAgent Application    Samsung Electronics Co., Ltd.    (A certificate was explicitly revoked by its issuer) Samsung Electronics Co., Ltd.
KeyScrambler.exe        1,816 K    6,016 K    3172    KeyScrambler    QFX Software Corporation    (Verified) QFX Software Corporation
dllhost.exe        1,200 K    4,040 K    1228    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
DivXUpdate.exe        9,204 K    11,748 K    2500    DivX Update        (Verified) DivX
atiesrxx.exe        824 K    2,988 K    872    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe        1,408 K    4,484 K    1360    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe        824 K    2,792 K    1952    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
Amazon Music Helper.exe        4,232 K    10,620 K    4492            (Verified) Amazon Services LLC
agrsmsvc.exe        584 K    1,944 K    1984    LSI Soft Modem Call Progress Service    LSI Corporation    (Verified) LSI Corporation


  • 0





