
Computer hacked



#91
janji

    Member

  • Topic Starter
  • Member
  • 210 posts

VEW Application log:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/02/2015 17:34:43

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/02/2015 15:37:52
Type: Error Category: 0
Event: 0 Source: SetupARService
Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.    at SetupAfterRebootService.SetupARService.OnStart(String[] args)    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Log: 'Application' Date/Time: 26/02/2015 15:36:29
Type: Error Category: 0
Event: 0 Source: AdvancedSystemCareService8
The event description cannot be found.

Log: 'Application' Date/Time: 26/02/2015 15:36:29
Type: Error Category: 0
Event: 0 Source: AdvancedSystemCareService8
The event description cannot be found.

Log: 'Application' Date/Time: 26/02/2015 14:25:14
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "c:\program files\keyscrambler\x64\KeyScrambler.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 26/02/2015 14:14:12
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "c:\program files\keyscrambler\x64\KeyScrambler.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 26/02/2015 13:11:28
Type: Error Category: 0
Event: 0 Source: SetupARService
Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.    at SetupAfterRebootService.SetupARService.OnStart(String[] args)    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Log: 'Application' Date/Time: 26/02/2015 11:40:55
Type: Error Category: 0
Event: 0 Source: AdvancedSystemCareService8
The event description cannot be found.

Log: 'Application' Date/Time: 26/02/2015 11:40:55
Type: Error Category: 0
Event: 0 Source: AdvancedSystemCareService8
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/02/2015 15:42:49
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-4165335087-975643669-458432890-1000}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    The object was not found.  (HRESULT : 0x80041201) (0x80041201)


Log: 'Application' Date/Time: 26/02/2015 13:14:59
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-4165335087-975643669-458432890-1000}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    The object was not found.  (HRESULT : 0x80041201) (0x80041201)


Log: 'Application' Date/Time: 26/02/2015 11:40:52
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   5 user registry handles leaked from \Registry\User\S-1-5-21-4165335087-975643669-458432890-1000:
Process 784 (\Device\HarddiskVolume1\Program Files\IObit\Advanced SystemCare 8\ASCService.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\SearchScopes
Process 784 (\Device\HarddiskVolume1\Program Files\IObit\Advanced SystemCare 8\ASCService.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer
Process 784 (\Device\HarddiskVolume1\Program Files\IObit\Advanced SystemCare 8\ASCService.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Clients\StartMenuInternet
Process 784 (\Device\HarddiskVolume1\Program Files\IObit\Advanced SystemCare 8\ASCService.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Process 784 (\Device\HarddiskVolume1\Program Files\IObit\Advanced SystemCare 8\ASCService.exe) has opened key \REGISTRY\USER\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\Main
 




#92
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Uninstall Advanced System Care.  It's not working correctly and I don't trust them anyway.

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
Ron

 



#93
janji

    Member

  • Topic Starter
  • Member
  • 210 posts

1. FRST fix log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01
Ran by User at 2015-02-26 18:26:57 Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hppp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=1422282306&from=smt&uid=ST9320423AS_5VH3ENV8"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
CHR HKLM\...\Chrome\Extension: [ibnmbpihhamedhophbnjjpidokcknoid] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files\SockshareDownloader\SockshareDownloader10.crx [Not Found]
S2 adfs; No ImagePath
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 pmem; \??\C:\Users\User\AppData\Local\Temp\_MEI20402\drivers\winpmem32.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2741 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
Task: {04E861FD-AE2D-4536-972A-9CBC5D1A46B5} - \{2D4D8F4B-6DBF-4385-BF15-55BDF20671E3} No Task File <==== ATTENTION
Task: {377645D7-BADA-4E0E-AD5B-C7D00FEE7171} - \GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA No Task File <==== ATTENTION
Task: {3A6520B3-0426-44D3-B409-796B928DAB32} - \{EF9E28E4-BEED-4229-8760-020756DA18C3} No Task File <==== ATTENTION
Task: {4025D84B-DA4C-44AE-923E-7CC6A0CD655E} - \{93F49872-654E-438E-9457-172EA0309781} No Task File <==== ATTENTION
Task: {447799E1-DB8F-4DAE-80B8-A9EC0F829F5B} - \{14E304B4-6289-4E60-9E9F-7CAEA78D6EEF} No Task File <==== ATTENTION
Task: {45530A69-1F35-4D06-B41F-94B1594EDTask: {4AF5B2D6-BCA4-42DD-AE6E-B02B2716B405} - \{6B61C2C6-83AC-410A-8D14-9DC18276731C} No Task File <==== ATTENTION
Task: {6435EE6F-CDC5-4CD0-A969-A9BB3C9BE48F} - \GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core No Task File <==== ATTENTION
Task: {6B0E942B-0495-4EF7-AEDD-9569A16DA9FB} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: {6CC9CD40-24B3-437D-A95F-AA42A7ED2179} - System32\Tasks\{4F269D7E-F484-4872-B125-69A22B1D578E} => D:\dx7ager.exe
Task: {7EB660CE-8E8C-4552-9102-38BF0F931FB6} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {84C33C9B-2486-4F46-A898-F1A14640A101} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {93DA04AE-DC95-41E6-88E1-CC5D550726C6} - System32\Tasks\{963698A4-DBC2-4787-B04A-F72E38679091} => D:\Setup.exe
Task: {A0EF1356-998E-4904-81C0-8B04180F6F8C} - System32\Tasks\{37CBC58E-1076-4FF5-B7E8-70E8F2C90ACF} => pcalua.exe -a D:\dx7ager.exe -d D:\
Task: {A0FFA0F9-D5C1-43EB-B9EC-E86857BBCBF8} - System32\Tasks\{F23DC048-0487-44E4-B4BA-8AB1816562FF} => D:\dx7ager.exe
Task: {D66CDB5C-EE69-418D-9BCE-AA81BA27D69F} - System32\Tasks\{3C9EE13C-A6BE-44EA-90B1-CDB1D5FE6C83} => D:\dx7ager.exe
Task: {DE22063C-A5B8-4A63-9AAC-7A4947C1E411} - \RunAsStdUser Task No Task File <==== ATTENTION




*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll not found.
C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll not found.
C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll not found.
C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll not found.
C:\Windows\system32\npDeployJava1.dll not found.
c:\program files\real\realplayer\Netscape6\nppl3260.dll not found.
c:\program files\real\realplayer\Netscape6\nprpplugin.dll not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ibnmbpihhamedhophbnjjpidokcknoid" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ohlfohjgijhjlpidbbnmcdooegafnnnm" => Key deleted successfully.
adfs => Service deleted successfully.
catchme => Service deleted successfully.
EagleXNt => Service deleted successfully.
pmem => Service deleted successfully.
RimUsb => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
XDva405 => Service deleted successfully.
XDva409 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}\\SystemComponent => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}\\SystemComponent => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}\\SystemComponent => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04E861FD-AE2D-4536-972A-9CBC5D1A46B5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E861FD-AE2D-4536-972A-9CBC5D1A46B5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D4D8F4B-6DBF-4385-BF15-55BDF20671E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{377645D7-BADA-4E0E-AD5B-C7D00FEE7171}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{377645D7-BADA-4E0E-AD5B-C7D00FEE7171}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A6520B3-0426-44D3-B409-796B928DAB32}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A6520B3-0426-44D3-B409-796B928DAB32}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EF9E28E4-BEED-4229-8760-020756DA18C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4025D84B-DA4C-44AE-923E-7CC6A0CD655E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4025D84B-DA4C-44AE-923E-7CC6A0CD655E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93F49872-654E-438E-9457-172EA0309781}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{447799E1-DB8F-4DAE-80B8-A9EC0F829F5B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{447799E1-DB8F-4DAE-80B8-A9EC0F829F5B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{14E304B4-6289-4E60-9E9F-7CAEA78D6EEF}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {45530A69-1F35-4D06-B41F-94B1594ED{4AF5B2D6-BCA4-42DD-AE6E-B02B2716B405} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B61C2C6-83AC-410A-8D14-9DC18276731C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6435EE6F-CDC5-4CD0-A969-A9BB3C9BE48F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6435EE6F-CDC5-4CD0-A969-A9BB3C9BE48F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B0E942B-0495-4EF7-AEDD-9569A16DA9FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B0E942B-0495-4EF7-AEDD-9569A16DA9FB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Razer_Game_Booster_AutoUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Razer_Game_Booster_AutoUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CC9CD40-24B3-437D-A95F-AA42A7ED2179}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CC9CD40-24B3-437D-A95F-AA42A7ED2179}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4F269D7E-F484-4872-B125-69A22B1D578E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4F269D7E-F484-4872-B125-69A22B1D578E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EB660CE-8E8C-4552-9102-38BF0F931FB6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EB660CE-8E8C-4552-9102-38BF0F931FB6}" => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task for VeohWebPlayer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task for VeohWebPlayer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84C33C9B-2486-4F46-A898-F1A14640A101}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84C33C9B-2486-4F46-A898-F1A14640A101}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93DA04AE-DC95-41E6-88E1-CC5D550726C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93DA04AE-DC95-41E6-88E1-CC5D550726C6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{963698A4-DBC2-4787-B04A-F72E38679091} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{963698A4-DBC2-4787-B04A-F72E38679091}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0EF1356-998E-4904-81C0-8B04180F6F8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0EF1356-998E-4904-81C0-8B04180F6F8C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{37CBC58E-1076-4FF5-B7E8-70E8F2C90ACF} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{37CBC58E-1076-4FF5-B7E8-70E8F2C90ACF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0FFA0F9-D5C1-43EB-B9EC-E86857BBCBF8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0FFA0F9-D5C1-43EB-B9EC-E86857BBCBF8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F23DC048-0487-44E4-B4BA-8AB1816562FF} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F23DC048-0487-44E4-B4BA-8AB1816562FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D66CDB5C-EE69-418D-9BCE-AA81BA27D69F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D66CDB5C-EE69-418D-9BCE-AA81BA27D69F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3C9EE13C-A6BE-44EA-90B1-CDB1D5FE6C83} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3C9EE13C-A6BE-44EA-90B1-CDB1D5FE6C83}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE22063C-A5B8-4A63-9AAC-7A4947C1E411}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE22063C-A5B8-4A63-9AAC-7A4947C1E411}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => Key deleted successfully.

==== End of Fixlog 18:27:01 ====



#94
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I expect we lost speedfan so let's get it again 

 

speedfan
 
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin)
 
It will tell you your temps.
 
Let's see if your cleaning helped.


#95
janji

    Member

  • Topic Starter
  • Member
  • 210 posts

FRST additional scan, additions:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015 01
Ran by User at 2015-02-26 18:33:06
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Sticky Notes (HKLM\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AGEIA PhysX v2.6.0 (HKLM\...\{582876EC-A178-44D4-9823-C10D6C62EAFF}) (Version: 2.6.0.4 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{121A3F18-E386-B7EF-CEEB-32864884E594}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM\...\{7B937101-FD85-4CA9-9176-ADA6492314AF}) (Version: 3.0.0.117 - ArcSoft)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
AVG 2013 (HKLM\...\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}) (Version: 13.0.2741 - AVG Technologies)
AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Deep Space Nine  The Fallen (HKLM\...\{783E0AD7-C128-4398-9F74-99D3EFF2875D}) (Version:  - )
Desktop Icon Position Saver (64-bit) (HKLM\...\dips64) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
File Type Advisor 1.3 (HKLM\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter Studio 8.2 (HKLM\...\Free YouTube to MP3 Converter Studio_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\HappyCloud) (Version: 3.72 - Happy Cloud, Inc.)
Hotspot Shield 3.42 (HKLM\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
K-Lite Mega Codec Pack 5.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MostFun.com Games - Super Granny 4 (remove only) (HKLM\...\MostFun.com Games - Super Granny 4) (Version: 3.4.16.27 - )
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\MyFreeCodec) (Version:  - )
Nero 8 Essentials (HKLM\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
Opera Stable 22.0.1471.50 (HKU\.DEFAULT\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
Opera Stable 23.0.1522.60 (HKLM\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
Opera Stable 27.0.1689.66 (HKLM\...\Opera 27.0.1689.66) (Version: 27.0.1689.66 - Opera Software ASA)
Opera Stable 27.0.1689.76 (HKLM\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PixBuilder Studio 2.2.0 (HKLM\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version:  - WnSoft)
Qualcomm Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTime Alternative 2.9.2 (HKLM\...\QuicktimeAlt_is1) (Version: 2.9.2 - )
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
RoboForm 7-9-11-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Screen Highlighter 1.0 (HKLM\...\Screen Highlighter_is1) (Version:  - Harmony Hollow Software)
Screencast-O-Matic (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Secunia PSI (3.0.0.9015) (HKLM\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.8 - IObit)
SolidPDFCreator (HKLM\...\{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}) (Version: 7.1.879.0 - SolidDocuments)
SPEEDLINK Strike 2 Gamepad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Spotify (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Stay On Top (HKLM\...\{5C6C0192-BA75-4932-8931-B2FF88346E49}) (Version: 1.0.0 - J. Eric Vaughan)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Super Granny 4 (Version: 3.4.16.27 - Sandlot) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1012 - SUPERAntiSpyware.com)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VS10RuntimeWin32 (Version: 1.0.0 - immunet) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
ZTE Handset USB Driver 5.2066.1.8B02 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.8B02 - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

26-02-2015 16:00:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-01-31 13:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02345B74-772A-44F8-A563-F33F7F68A837} - System32\Tasks\{FBC71A6A-8D24-4264-8D8B-660359524319} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {041FCAE9-E352-431F-AD25-C26D4623EB5F} - System32\Tasks\{1F529A44-4E7F-4EEB-9387-B009EA33FE4D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {07F84AF2-E58C-4301-8826-B096055D02D9} - System32\Tasks\{B89786A5-2A46-4517-B0E7-508247CF0832} => pcalua.exe -a C:\Users\User\Downloads\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Downloads
Task: {0DCD5759-D02C-4EB7-BC32-41D7D06D35EA} - System32\Tasks\{C0CCC3A8-5FC2-4086-A869-3E21F7C524E9} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {1C8D0C93-7DAB-4682-8789-8366FB00127C} - System32\Tasks\{A0E4CF2F-63B1-4231-85A6-214419F70C0E} => pcalua.exe -a C:\Users\User\Desktop\StayOnTopSetup\setup.exe -d C:\Users\User\Desktop\StayOnTopSetup
Task: {1CB5B6C4-90E4-45C9-9496-17458C2181AD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1ECD887F-0104-4DD7-A710-9C5395C6A951} - System32\Tasks\{4EEFC9EF-F5CB-4779-ACE9-E6E142F3A2A7} => pcalua.exe -a C:\Users\User\Downloads\StickMen2.exe -d C:\Users\User\Downloads
Task: {1FFB5CAB-D0C8-4971-A6C6-52243A608C52} - System32\Tasks\{B0A60467-7396-4B3F-9092-61133D6E365D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {29A3B4DA-2552-4B1B-AC98-0DAA160CD171} - System32\Tasks\{E06706D7-83A8-4D3F-A875-DC73898C373C} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {342242AF-68DC-48E8-BAD2-FCF35B2790C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {45530A69-1F35-4D06-B41F-94B1594EDF7E} - System32\Tasks\{9A8EB359-4F7E-4308-9493-BB15F09E0C58} => C:\Program Files\MostFun\HeroesofHellas\game.exe
Task: {45EF2C7E-71D1-4ED0-A13A-1BF2A768DBCB} - System32\Tasks\{DC4EA453-4ECE-4831-96CD-7EE3A2282ADC} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {4AAB2EDD-0C71-45BA-B6F5-F8234615B974} - System32\Tasks\Opera scheduled Autoupdate 1424897303 => C:\Program Files\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {4AF5B2D6-BCA4-42DD-AE6E-B02B2716B405} - \{6B61C2C6-83AC-410A-8D14-9DC18276731C} No Task File <==== ATTENTION
Task: {5279F69B-9D40-4913-9505-511F29BFC7A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {528AC02D-D334-4AB8-BD2B-78F8F839DA58} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2013-08-19] (File Type Advisor)
Task: {67349CB0-9F9D-4F4D-AC84-0B4FBDCE1198} - System32\Tasks\{7B007186-814F-435A-A7CD-69CD63A1639D} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {6B075062-6B5A-4E41-A30C-F0042246B8F0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {74458643-781C-4690-A8D0-792BAAAB7F6F} - System32\Tasks\FileAdvisorCheck => C:\Program Files\File Type Advisor\file-type-advisor.exe [2013-08-19] (filetypeadvisor.com                                         )
Task: {7FE76F22-AFA4-4FA4-8DAC-DF486E0A0A7C} - System32\Tasks\{8D186181-64A7-4DE8-BF9E-56CE8C036859} => pcalua.exe -a C:\Users\User\Downloads\MostFun-TriJinx.exe -d C:\Users\User\Downloads
Task: {8684D3B5-3133-4FC4-9DA0-BDD6DC8C6D65} - System32\Tasks\{6B96F45F-3BA0-4757-B275-DF5FD615EF3E} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
Task: {86908A13-EF76-44A2-9128-6CB4E28B1C03} - System32\Tasks\{D8D22849-AEE6-403E-8BF2-E57B7BAECE7E} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {8B1D7F29-DEAE-4408-B06A-D4E32ED49061} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {8D439F5F-3404-43D0-946A-B5E3B04868E8} - System32\Tasks\{D5600665-28E8-4C8B-8689-40461E7213A5} => pcalua.exe -a C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe -d C:\Users\User\Desktop\Desktop_Icons
Task: {8EB924C6-7440-4431-B478-7347952D07C2} - System32\Tasks\{A4285F0B-0CAB-49D5-AE51-D915A239085A} => pcalua.exe -a C:\Users\User\Downloads\MostFun-AliceGreenfingers.exe -d "C:\Program Files\Mozilla Firefox"
Task: {8ED4C510-AC55-4E81-BAFE-7E14E3057FC3} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9532703A-89D8-44B9-A93F-57991BCF286E} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {9CA3ADEB-1C25-4519-BBCA-2A2562FA1216} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E49D608-F3BB-45C4-9E13-96A265C87178} - System32\Tasks\{20E7AAFF-D1D3-44EE-9C61-EC536F1301A4} => pcalua.exe -a C:\Users\User\Downloads\Shockwave_Installer_Slim(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {A8069E3F-77A5-4732-BD5F-ABE150C2BD9D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {A846F772-2615-4772-9EFC-EEAAFF0E705B} - System32\Tasks\{7609A13F-987A-42CF-ACD7-2B486192D64D} => Chrome.exe http://ui.skype.com/...eligiblebrowser
Task: {ADB2CC34-8CD4-4D85-95F3-11A399EDD93A} - System32\Tasks\Uninstaller_SkipUac_User => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-02-25] (IObit)
Task: {B30EFF16-BF79-4529-B48E-CDD4CEE47AF6} - System32\Tasks\{49BD601D-4EF8-4212-A8CB-721025105856} => C:\Program Files\MostFun\HeroesofHellas\game.exe
Task: {BB56D7FE-84FE-4430-9291-DE31702A45EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {C2F37DB4-70B3-4512-A59C-D87535D45802} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {C39DC1AB-CEF4-4CA6-8759-5AD31AD313A0} - System32\Tasks\{44697339-8CD4-4D87-AC9E-B1FB6795CEBB} => pcalua.exe -a C:\Users\User\Desktop\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Desktop
Task: {D2DC7330-6327-44D8-BC2F-7EB0D2699C25} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
Task: {D642B505-8B33-4423-808B-6FC0A013B9DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-25] (Adobe Systems Incorporated)
Task: {D8BF779F-02BC-43F1-AFBC-B2FEF2E06E36} - System32\Tasks\Real Player online update program => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {D9A2CB5D-65DA-4E56-92CC-7EA4A64D5E81} - System32\Tasks\{0547064D-DEF4-4974-9118-363654A9FDA8} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {DCE555C0-C6A0-45C3-BAE9-7B8FAA34A6E5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E1737EB2-A2E7-44F7-AB6D-D8713A98973C} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-21] (Siber Systems)
Task: {E6131A85-C447-4BC1-BE9C-FAC5157B9457} - System32\Tasks\{64C5F840-75C7-476C-85CE-6FAC09218037} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
Task: {EA576C5D-754E-45F2-BFAF-EFC358395475} - System32\Tasks\{97A61C17-B5EE-4468-AEF4-97888E1CCB8F} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {EA96CC01-11E3-44A1-B5A6-9112ABA2652C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: {EDC6164A-1E23-4EDB-A508-1AD325B14F84} - System32\Tasks\{4448998A-9201-4534-B754-A54F4161D074} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {F691F962-614B-4E3E-9D4E-A9309806F902} - System32\Tasks\{0CFBB036-AB2E-4437-820E-C84B27A05FC1} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {F7238D14-03C3-4409-894F-EB4AB00D19DC} - System32\Tasks\{708C0D35-1D80-41A6-9694-791D05EF6EC4} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
Task: {F75141E0-2799-41D1-B0E0-66B9E160BE81} - System32\Tasks\{5DF228DD-88D3-4B83-9E2A-E0C4819A0295} => pcalua.exe -a C:\Users\User\Desktop\dips64-setup.exe -d C:\Users\User\Desktop
Task: {F8F96CEA-F891-46FA-8E7D-890713D1D97A} - System32\Tasks\{20D88817-FDC1-42D6-982E-15A872542E55} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
Task: {FAC084F0-4C38-409D-80A1-37C4956E9370} - System32\Tasks\{BFD45D47-291B-4732-B969-BBA93DA76939} => C:\AeriaGames\EdenEternal\aeria_launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-01 14:08 - 2014-08-01 14:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-02-26 16:38 - 2015-02-26 16:38 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022600\algo.dll
2011-11-21 19:59 - 2011-10-03 19:59 - 00027976 _____ () C:\Windows\System32\solidlocalmon.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2009-10-24 20:17 - 2007-09-21 02:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2014-05-17 01:37 - 2014-05-17 01:37 - 00506664 _____ () C:\Program Files\Hotspot Shield\bin\HssRep.dll
2014-05-16 23:34 - 2014-05-16 23:34 - 00430344 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
2014-08-01 14:08 - 2014-08-01 14:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-26 16:40 - 2015-02-26 16:40 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf7ezu_.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Desktop\Zeugnis-Monika-Spiegel-2.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Downloads\poppy pic.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4165335087-975643669-458432890-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk => C:\Windows\pss\OfficeSAS.lnk.CommonStartup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Amazon Music => "C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => c:\program files\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BCSSync => "c:\program files\microsoft office\office14\bcssync.exe" /delayservices
MSCONFIG\startupreg: DivXMediaServer => c:\program files\divx\divx media server\divxmediaserver.exe
MSCONFIG\startupreg: DivXUpdate => "c:\program files\divx\divx update\divxupdate.exe" /checknow
MSCONFIG\startupreg: FreeRAM XP => "c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe" -win
MSCONFIG\startupreg: GameXN GO => "c:\programdata\gamexn\gamexngo.exe" /startup
MSCONFIG\startupreg: KiesPreload => c:\program files\samsung\kies\kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => c:\program files\samsung\kies\kiestrayagent.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "c:\program files\quicktime alternative\qttask.exe" -atboottime
MSCONFIG\startupreg: Screen Highlighter => C:\Program Files\Screen Highlighter\shl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4165335087-975643669-458432890-500 - Administrator - Disabled)
Guest (S-1-5-21-4165335087-975643669-458432890-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4165335087-975643669-458432890-1002 - Limited - Enabled)
User (S-1-5-21-4165335087-975643669-458432890-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: adfs
Description: adfs
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: adfs
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2015 04:37:52 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 04:36:29 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 04:36:29 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 03:25:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/26/2015 03:14:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/26/2015 02:11:28 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 00:40:55 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 00:40:55 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid


System errors:
=============
Error: (02/26/2015 06:24:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 8 service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/26/2015 04:40:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/26/2015 04:40:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (02/26/2015 04:38:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/26/2015 04:37:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (02/26/2015 03:42:58 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (02/26/2015 03:42:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (02/26/2015 03:42:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (02/26/2015 03:42:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (02/26/2015 03:42:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (02/26/2015 04:37:52 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 04:36:29 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 04:36:29 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 03:25:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\keyscrambler\x64\KeyScrambler.exe

Error: (02/26/2015 03:14:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\keyscrambler\x64\KeyScrambler.exe

Error: (02/26/2015 02:11:28 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 00:40:55 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/26/2015 00:40:55 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid


==================== Memory info ===========================

Processor: AMD Athlon™ II P320 Dual-Core Processor
Percentage of memory in use: 42%
Total physical RAM: 1786.9 MB
Available physical RAM: 1029.02 MB
Total Pagefile: 3573.8 MB
Available Pagefile: 2327.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.73 GB) (Free:131.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: () (Fixed) (Total:73.36 GB) (Free:59.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4C3F8CFC)
Partition 1: (Active) - (Size=224.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#96
janji


FRST scan, additions:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by User (administrator) on USER-PC on 26-02-2015 18:31:51
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Solid Documents, LLC) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(J. Eric Vaughan) C:\Program Files\Stay On Top\StayOnTop.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-21] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stay On Top.lnk
ShortcutTarget: Stay On Top.lnk -> C:\Windows\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler: linkscanner - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default
FF Homepage: https://my.yahoo.com/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\searchplugins\google-images.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Clear Recent History... + - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-04]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
FF Extension: Double-click To Reload Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: FireRainbow - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-25]
FF Extension: Password Hasher - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-10-12]
FF Extension: Remove Cookies for Site - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-08-05]
FF Extension: Lightshot (screenshot tool) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-12-04]
FF Extension: AddThis - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-01-13]
FF Extension: New Tab King - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-10-15]
FF Extension: AmazonOnClick - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-29]
FF Extension: Duplicate This Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
FF Extension: Gmail panel - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-23]
FF Extension: AOL One Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-26]
FF Extension: Dictionary Extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-04]
FF Extension: Open in Private Browsing Mode - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-01-31]
FF Extension: Google™ Translator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-13]
FF Extension: LanguageToolFx - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Mail Preview - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-06]
FF Extension: Personas Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: RSS Icon in url bar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-03]
FF Extension: Simple White - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Simple Timer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Tabbed View Source - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Facebook Phishing Protector - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-10-09]
FF Extension: abcTajpu - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi [2014-08-05]
FF Extension: ProxTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-09-08]
FF Extension: Bluhell Firewall - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-06]
FF Extension: Google  Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2015-01-10]
FF Extension: MeasureIt - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-12-25]
FF Extension: Google Reverse Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2015-01-10]
FF Extension: Reload Tab On Double-Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}.xpi [2014-08-05]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-08-05]
FF Extension: QuickNote - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2015-02-03]
FF Extension: Search By Image (by Google) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2014-10-15]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-16]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-25]
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-25]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-03-11]
FF HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-04]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-04]
CHR Extension: (RoboForm) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-11]

Opera:
=======
OPR StartupUrls: "https://my.yahoo.com...s=X2CddkC8XgE&"
OPR Extension: (Facebook and Youtube Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbnaecmeebnefmbepifgdkllmgcnikmh [2014-09-21]
OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmbpnlkamenjkedgaedpjfdmjpldcjpj [2014-11-03]
OPR Extension: (MediaPlus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnoagnjlblajeghmbaejnfhekofbecd [2014-11-14]
OPR Extension: (Youtube to mp3 converter) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\geioidjhliialbjcekeejcodiahfplgb [2014-02-14]
OPR Extension: (Facebook, Youtube or any web site Unblocker) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcgpiijgdhilioddgebgegabcjgfgccj [2014-11-03]
OPR Extension: (Web Developer) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kddhmaadmaklcieonhggddempagbakph [2014-05-11]
OPR Extension: (Download Chrome Extension) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2014-02-13]
OPR Extension: (SiteNotes) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\leeaiockmjkojafakgpocdekmjnnpcpg [2014-02-13]
OPR Extension: (TVP.PL Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\lpbhfckilgccpclafjiapbcelgpfmjfa [2014-11-14]
OPR Extension: (Download YouTube Videos as MP4) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\maeombkgfpjdnjkhohbjachnnmpbipol [2014-03-19]
OPR Extension: (Amazon for Opera) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2015-02-05]
OPR Extension: (User CSS) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mncnlbhenhkojjdpjpbajnmmcdnlbkmp [2014-03-05]
OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\noigcpeehjnfkmkfgklkjlojbapbdcpg [2014-12-21]
OPR Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-02-13]
OPR Extension: (RoboForm) - C:\Program Files\Siber Systems\AI RoboForm\Opera [2014-03-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-22] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-07] (ArcSoft Inc.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2000-01-01] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
S2 SetupARService; C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-07-26] (Realtek Semiconductor.) [File not signed]
R2 SPDFCreatorReadSpool; C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [180552 2011-10-03] (Solid Documents, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-12-04] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3234304 2013-08-25] (Qualcomm Atheros Communications, Inc.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-22] (Avanquest Software) [File not signed]
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-07-20] (ManyCam LLC)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-26] ()
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
R2 windrvNT; C:\Windows\system32\windrvNT.sys [35363 2010-07-27] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 18:31 - 2015-02-26 18:32 - 00033116 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-26 17:20 - 2015-02-26 17:20 - 00061440 _____ ( ) C:\Users\User\Desktop\VEW(1).exe
2015-02-25 22:14 - 2015-02-25 22:14 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-02-25 22:06 - 2015-02-26 18:30 - 00000000 ____D () C:\Users\User\Desktop\New folder
2015-02-25 21:48 - 2015-02-25 21:48 - 00001053 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-02-25 21:48 - 2015-02-25 21:48 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-25 21:38 - 2015-02-25 21:38 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-02-25 21:20 - 2015-02-25 21:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\ProductData
2015-02-25 21:19 - 2015-02-25 21:22 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-25 21:19 - 2015-02-25 21:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\IObit
2015-02-25 21:19 - 2015-02-25 21:19 - 00001170 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-02-25 21:19 - 2015-02-25 21:19 - 00001146 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-02-25 21:19 - 2015-02-25 21:19 - 00000000 ____D () C:\Users\User\AppData\IObit
2015-02-25 20:19 - 2015-02-25 20:19 - 00000000 ____D () C:\Windows\system32\config\temp
2015-02-24 15:26 - 2015-02-24 15:39 - 00000000 ____D () C:\Windows\system32\config\backup
2015-02-13 15:55 - 2015-02-13 15:55 - 00000925 _____ () C:\Users\User\Desktop\SpeedFan.lnk
2015-02-13 15:55 - 2015-02-13 15:55 - 00000045 _____ () C:\Windows\system32\initdebug.nfo
2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-02-13 00:46 - 2015-02-13 00:46 - 23308373 _____ () C:\Users\User\Desktop\Sister in Danger - SIMPONI (Music Syndicate of Earth Dwellers) @simponii.mp4
2015-02-12 18:53 - 2015-02-12 18:53 - 00000610 _____ () C:\junk.txtnotepad
2015-02-12 18:50 - 2015-02-12 19:35 - 00006292 _____ () C:\junk.txt
2015-02-11 12:44 - 2015-02-11 12:44 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-02-10 21:06 - 2015-02-10 21:06 - 00027517 _____ () C:\ComboFix.txt
2015-02-10 20:46 - 2015-02-10 21:06 - 00000000 ____D () C:\Qoobox
2015-02-10 20:23 - 2015-02-13 17:56 - 00000000 ____D () C:\Program Files\SpeedFan
2015-02-10 20:23 - 2015-02-10 20:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-02-10 20:01 - 2015-02-10 20:09 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-10 18:30 - 2015-02-11 21:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-10 17:26 - 2015-02-26 17:34 - 00004980 _____ () C:\VEW.txt
2015-02-10 17:24 - 2015-02-10 17:24 - 00061440 _____ ( ) C:\Users\User\Desktop\VEW.exe
2015-02-10 16:55 - 2015-02-10 16:55 - 00650392 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\autoruns.exe
2015-02-10 14:12 - 2015-02-26 18:31 - 00000000 ____D () C:\FRST
2015-02-10 14:11 - 2015-02-25 22:14 - 01127424 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-02-10 13:59 - 2015-02-10 13:59 - 01388274 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-02-10 13:38 - 2015-02-10 13:38 - 02112512 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\ProgramData\ATI
2015-02-09 21:06 - 2015-02-09 21:06 - 00006222 _____ () C:\Windows\DPINST.LOG
2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\DIFX
2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\AMD
2015-02-09 21:06 - 2009-12-22 02:26 - 00030392 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-02-09 21:05 - 2015-02-09 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-02-09 12:17 - 2015-02-09 12:17 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2015-02-09 12:02 - 2015-02-09 20:53 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2015-02-09 11:52 - 2010-02-05 09:50 - 03013344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-09 11:52 - 2010-02-05 09:50 - 02622496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 01640992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-09 11:52 - 2010-02-05 09:50 - 00371232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00357576 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00168648 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00145760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00096160 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00062664 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00057376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00000712 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hp
2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-09 00:13 - 2015-02-09 00:13 - 08998130 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rains A-Gonna Fall Official - YouTube.mp4
2015-02-07 15:04 - 2015-02-07 15:05 - 08749661 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rain's A-Gonna Fall [Official].mp4
2015-02-06 22:33 - 2015-02-06 22:33 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-06 22:33 - 2015-02-06 22:33 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-06 22:01 - 2015-02-06 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-05 01:40 - 2015-02-05 01:40 - 15795631 _____ () C:\Users\User\Desktop\Hollywood Undead - Outside (Official Lyric Video).mp4
2015-02-05 01:31 - 2015-02-05 01:32 - 20690486 _____ () C:\Users\User\Desktop\Jes Ebrahim - Keamanan (Promo MV).mp4
2015-02-03 17:14 - 2015-02-03 17:16 - 3869692740 _____ () C:\Users\User\Documents\User-PcMediaIDbin.zip
2015-02-02 13:19 - 2015-02-02 13:19 - 182002016 _____ (Igor Pavlov) C:\Users\User\Downloads\nero7PremiumReloaded.exe
2015-02-02 01:08 - 2015-02-02 01:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\MMFApplications
2015-01-27 15:31 - 2015-02-11 21:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-27 01:57 - 2015-01-27 01:57 - 00001069 _____ () C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 18:25 - 2009-10-24 22:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-26 18:20 - 2012-07-14 23:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 18:14 - 2009-10-24 19:57 - 01927118 _____ () C:\Windows\WindowsUpdate.log
2015-02-26 16:46 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 16:46 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 16:40 - 2013-05-20 19:46 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-26 16:40 - 2013-05-20 19:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-26 16:39 - 2013-11-10 15:09 - 00000384 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2015-02-26 16:38 - 2013-11-10 15:09 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-26 16:37 - 2014-08-19 23:25 - 00018564 _____ () C:\Windows\setupact.log
2015-02-26 16:37 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 16:37 - 2009-07-14 05:33 - 02518864 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-26 16:36 - 2014-12-11 14:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-26 16:36 - 2014-05-06 21:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-26 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-02-26 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-26 14:15 - 2009-10-24 22:53 - 00384248 _____ () C:\Windows\system32\prfh0804.dat
2015-02-26 14:15 - 2009-10-24 22:53 - 00119918 _____ () C:\Windows\system32\prfc0804.dat
2015-02-26 14:15 - 2009-10-24 20:05 - 02115974 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 23:20 - 2012-07-14 23:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-25 23:20 - 2012-07-14 23:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-25 22:01 - 2014-08-19 23:25 - 00039504 _____ () C:\Windows\PFRO.log
2015-02-25 21:53 - 2015-01-18 16:49 - 00000000 ____D () C:\Program Files\paint.net
2015-02-25 21:52 - 2012-07-29 18:03 - 00000000 ____D () C:\Program Files\Pale Moon
2015-02-25 21:48 - 2013-07-05 20:19 - 00000000 ____D () C:\Program Files\Opera
2015-02-25 21:21 - 2011-01-01 12:01 - 00000000 ____D () C:\ProgramData\IObit
2015-02-25 21:21 - 2011-01-01 11:58 - 00000000 ____D () C:\Program Files\IObit
2015-02-25 19:41 - 2012-05-17 17:50 - 00109696 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-13 20:29 - 2013-08-22 14:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-13 20:15 - 2011-11-21 17:38 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 20:10 - 2013-09-14 11:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileAdvisor
2015-02-13 20:08 - 2013-09-13 18:48 - 00000000 ____D () C:\Program Files\File Type Advisor
2015-02-13 19:11 - 2013-05-20 19:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 18:36 - 2014-12-17 17:51 - 00000000 ___RD () C:\Users\User\Desktop\BYE
2015-02-13 18:12 - 2015-01-12 14:50 - 00000000 ___RD () C:\Users\User\Desktop\scrapBYE
2015-02-13 18:11 - 2013-12-15 19:30 - 10366976 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-02-13 18:11 - 2013-09-07 20:45 - 00097280 ____H () C:\Users\User\Desktop\photothumb.db
2015-02-12 20:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-12 20:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-12 18:21 - 2012-11-23 16:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-12 18:15 - 2014-03-23 00:31 - 00000000 ___RD () C:\Users\User\Desktop\Security
2015-02-11 21:39 - 2011-11-15 21:55 - 00000000 ____D () C:\Windows\ERDNT
2015-02-11 14:36 - 2013-12-18 20:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 14:35 - 2009-10-24 20:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 14:35 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 12:42 - 2013-12-04 00:12 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2015-02-10 17:42 - 2011-11-10 10:07 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-10 17:19 - 2009-10-24 22:36 - 00000000 ____D () C:\Windows\pss
2015-02-10 13:48 - 2013-09-13 20:10 - 00000000 ____D () C:\AdwCleaner
2015-02-09 21:05 - 2013-12-18 20:36 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-09 11:53 - 2013-11-10 15:49 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-09 11:53 - 2013-11-10 15:48 - 00000000 ___HD () C:\Program Files\Temp
2015-02-09 11:52 - 2009-10-24 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-09 04:08 - 2014-07-16 08:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 22:43 - 2013-07-01 14:04 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 18:55 - 2015-01-18 21:32 - 00000000 ____D () C:\Users\User\Desktop\CafePress
2015-02-03 16:45 - 2013-09-05 13:10 - 00000000 ___RD () C:\Users\User\Desktop\friends;me
2015-02-03 16:42 - 2012-09-03 20:19 - 00000000 ___RD () C:\Users\User\Desktop\pics
2015-01-30 20:10 - 2012-09-03 20:17 - 00000000 ___RD () C:\Users\User\Desktop\family pics and recordings
2015-01-30 10:15 - 2014-03-09 00:18 - 00000000 ___RD () C:\Users\User\Desktop\new pics
2015-01-29 12:44 - 2009-10-24 20:42 - 00000000 ____D () C:\ProgramData\Temp
2015-01-27 17:56 - 2014-09-23 14:59 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-01-27 16:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\TAPI
2015-01-27 15:28 - 2012-10-31 21:46 - 00204800 ___SH () C:\Users\User\Documents\Thumbs.db
2015-01-27 15:19 - 2013-09-23 18:53 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-01-27 03:58 - 2014-05-19 12:10 - 00000000 ___RD () C:\Users\User\Desktop\Moi
2015-01-27 01:57 - 2013-09-13 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
2015-01-27 01:57 - 2013-09-13 18:48 - 00000000 ____D () C:\Program Files\Free M4a to MP3 Converter

==================== Files in the root of some directories =======

2013-08-18 22:52 - 2013-09-30 11:14 - 0000115 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2013-08-18 22:52 - 2013-09-30 11:14 - 0000005 _____ () C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
2013-11-30 21:51 - 2014-05-11 15:41 - 0174615 _____ () C:\Users\User\AppData\Local\ars.cache
2013-11-30 21:52 - 2014-05-11 15:42 - 0362748 _____ () C:\Users\User\AppData\Local\census.cache
2012-07-16 20:40 - 2012-07-16 20:40 - 0027520 _____ () C:\Users\User\AppData\Local\dt.dat
2013-11-26 19:38 - 2013-11-26 19:38 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-01-18 15:32 - 2015-01-18 15:32 - 0003045 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2010-12-16 18:20 - 2010-12-16 18:20 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\User\jagex_cl_runescape_LIVE.dat
C:\Users\User\random.dat


Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf7ezu_.dll
C:\Users\User\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\User\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\User\AppData\Local\temp\Quarantine.exe
C:\Users\User\AppData\Local\temp\RSPUpgradeInstaller.exe
C:\Users\User\AppData\Local\temp\sfamcc00001.dll
C:\Users\User\AppData\Local\temp\sfextra.dll
C:\Users\User\AppData\Local\temp\SkypeSetup.exe
C:\Users\User\AppData\Local\temp\smt_mystartsearch.exe
C:\Users\User\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 14:55

==================== End Of Log ============================


#97
janji

    Member

  • Topic Starter
  • 210 posts

VEW log, system:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/02/2015 19:00:50

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/02/2015 17:50:27
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 26/02/2015 17:50:27
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 26/02/2015 17:48:06
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Log: 'System' Date/Time: 26/02/2015 17:48:06
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Log: 'System' Date/Time: 26/02/2015 17:48:06
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942523.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/02/2015 17:48:07
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 26/02/2015 17:47:20
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


#98
janji

    Member

  • Topic Starter
  • 210 posts

Temps going up to 56-62 C

 

Capture.PNG


Edited by janji, 26 February 2015 - 12:18 PM.

#99
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Temps aren't too bad.  If they stay there we can live with them.  Leave Speedfan running and check the box for Automatic Fan Speed.  Sometimes that helps a bit.
 
Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

#100
janji

    Member

  • Topic Starter
  • 210 posts

Thanks Ron,

Here is the FRST fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01
Ran by User at 2015-02-27 12:46:32 Run:3
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-25]
Task: {4AF5B2D6-BCA4-42DD-AE6E-B02B2716B405} - \{6B61C2C6-83AC-410A-8D14-9DC18276731C} No Task File <==== ATTENTION
S2 SetupARService; C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-07-26] (Realtek Semiconductor.) [File not signed]
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [X]




*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
"HKCR\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AF5B2D6-BCA4-42DD-AE6E-B02B2716B405}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AF5B2D6-BCA4-42DD-AE6E-B02B2716B405}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B61C2C6-83AC-410A-8D14-9DC18276731C} => Key not found.
SetupARService => Service deleted successfully.
ArcService => Service deleted successfully.

==== End of Fixlog 12:46:34 ====


#101
janji

    Member

  • Topic Starter
  • 210 posts

FRST addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015 01
Ran by User at 2015-02-27 12:52:38
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Sticky Notes (HKLM\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AGEIA PhysX v2.6.0 (HKLM\...\{582876EC-A178-44D4-9823-C10D6C62EAFF}) (Version: 2.6.0.4 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{121A3F18-E386-B7EF-CEEB-32864884E594}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM\...\{7B937101-FD85-4CA9-9176-ADA6492314AF}) (Version: 3.0.0.117 - ArcSoft)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
AVG 2013 (HKLM\...\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}) (Version: 13.0.2741 - AVG Technologies)
AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Deep Space Nine  The Fallen (HKLM\...\{783E0AD7-C128-4398-9F74-99D3EFF2875D}) (Version:  - )
Desktop Icon Position Saver (64-bit) (HKLM\...\dips64) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
File Type Advisor 1.3 (HKLM\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter Studio 8.2 (HKLM\...\Free YouTube to MP3 Converter Studio_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\HappyCloud) (Version: 3.72 - Happy Cloud, Inc.)
Hotspot Shield 3.42 (HKLM\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
K-Lite Mega Codec Pack 5.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MostFun.com Games - Super Granny 4 (remove only) (HKLM\...\MostFun.com Games - Super Granny 4) (Version: 3.4.16.27 - )
Mozilla Firefox 36.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 36.0 (x86 en-GB)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\MyFreeCodec) (Version:  - )
Nero 8 Essentials (HKLM\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
Opera Stable 22.0.1471.50 (HKU\.DEFAULT\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
Opera Stable 23.0.1522.60 (HKLM\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
Opera Stable 27.0.1689.66 (HKLM\...\Opera 27.0.1689.66) (Version: 27.0.1689.66 - Opera Software ASA)
Opera Stable 27.0.1689.76 (HKLM\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PixBuilder Studio 2.2.0 (HKLM\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version:  - WnSoft)
Qualcomm Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTime Alternative 2.9.2 (HKLM\...\QuicktimeAlt_is1) (Version: 2.9.2 - )
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
RoboForm 7-9-11-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Screen Highlighter 1.0 (HKLM\...\Screen Highlighter_is1) (Version:  - Harmony Hollow Software)
Screencast-O-Matic (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Secunia PSI (3.0.0.9015) (HKLM\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.8 - IObit)
SolidPDFCreator (HKLM\...\{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}) (Version: 7.1.879.0 - SolidDocuments)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
SPEEDLINK Strike 2 Gamepad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Spotify (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Stay On Top (HKLM\...\{5C6C0192-BA75-4932-8931-B2FF88346E49}) (Version: 1.0.0 - J. Eric Vaughan)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Super Granny 4 (Version: 3.4.16.27 - Sandlot) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1012 - SUPERAntiSpyware.com)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VS10RuntimeWin32 (Version: 1.0.0 - immunet) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
ZTE Handset USB Driver 5.2066.1.8B02 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.8B02 - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

26-02-2015 16:00:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-01-31 13:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02345B74-772A-44F8-A563-F33F7F68A837} - System32\Tasks\{FBC71A6A-8D24-4264-8D8B-660359524319} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {041FCAE9-E352-431F-AD25-C26D4623EB5F} - System32\Tasks\{1F529A44-4E7F-4EEB-9387-B009EA33FE4D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {07F84AF2-E58C-4301-8826-B096055D02D9} - System32\Tasks\{B89786A5-2A46-4517-B0E7-508247CF0832} => pcalua.exe -a C:\Users\User\Downloads\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Downloads
Task: {0DCD5759-D02C-4EB7-BC32-41D7D06D35EA} - System32\Tasks\{C0CCC3A8-5FC2-4086-A869-3E21F7C524E9} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {1C8D0C93-7DAB-4682-8789-8366FB00127C} - System32\Tasks\{A0E4CF2F-63B1-4231-85A6-214419F70C0E} => pcalua.exe -a C:\Users\User\Desktop\StayOnTopSetup\setup.exe -d C:\Users\User\Desktop\StayOnTopSetup
Task: {1CB5B6C4-90E4-45C9-9496-17458C2181AD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1ECD887F-0104-4DD7-A710-9C5395C6A951} - System32\Tasks\{4EEFC9EF-F5CB-4779-ACE9-E6E142F3A2A7} => pcalua.exe -a C:\Users\User\Downloads\StickMen2.exe -d C:\Users\User\Downloads
Task: {1FFB5CAB-D0C8-4971-A6C6-52243A608C52} - System32\Tasks\{B0A60467-7396-4B3F-9092-61133D6E365D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {29A3B4DA-2552-4B1B-AC98-0DAA160CD171} - System32\Tasks\{E06706D7-83A8-4D3F-A875-DC73898C373C} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {342242AF-68DC-48E8-BAD2-FCF35B2790C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {45530A69-1F35-4D06-B41F-94B1594EDF7E} - System32\Tasks\{9A8EB359-4F7E-4308-9493-BB15F09E0C58} => C:\Program Files\MostFun\HeroesofHellas\game.exe
Task: {45EF2C7E-71D1-4ED0-A13A-1BF2A768DBCB} - System32\Tasks\{DC4EA453-4ECE-4831-96CD-7EE3A2282ADC} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {4AAB2EDD-0C71-45BA-B6F5-F8234615B974} - System32\Tasks\Opera scheduled Autoupdate 1424897303 => C:\Program Files\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {5279F69B-9D40-4913-9505-511F29BFC7A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {528AC02D-D334-4AB8-BD2B-78F8F839DA58} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2013-08-19] (File Type Advisor)
Task: {67349CB0-9F9D-4F4D-AC84-0B4FBDCE1198} - System32\Tasks\{7B007186-814F-435A-A7CD-69CD63A1639D} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {6B075062-6B5A-4E41-A30C-F0042246B8F0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {74458643-781C-4690-A8D0-792BAAAB7F6F} - System32\Tasks\FileAdvisorCheck => C:\Program Files\File Type Advisor\file-type-advisor.exe [2013-08-19] (filetypeadvisor.com                                         )
Task: {7FE76F22-AFA4-4FA4-8DAC-DF486E0A0A7C} - System32\Tasks\{8D186181-64A7-4DE8-BF9E-56CE8C036859} => pcalua.exe -a C:\Users\User\Downloads\MostFun-TriJinx.exe -d C:\Users\User\Downloads
Task: {8684D3B5-3133-4FC4-9DA0-BDD6DC8C6D65} - System32\Tasks\{6B96F45F-3BA0-4757-B275-DF5FD615EF3E} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
Task: {86908A13-EF76-44A2-9128-6CB4E28B1C03} - System32\Tasks\{D8D22849-AEE6-403E-8BF2-E57B7BAECE7E} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {8B1D7F29-DEAE-4408-B06A-D4E32ED49061} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {8D439F5F-3404-43D0-946A-B5E3B04868E8} - System32\Tasks\{D5600665-28E8-4C8B-8689-40461E7213A5} => pcalua.exe -a C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe -d C:\Users\User\Desktop\Desktop_Icons
Task: {8EB924C6-7440-4431-B478-7347952D07C2} - System32\Tasks\{A4285F0B-0CAB-49D5-AE51-D915A239085A} => pcalua.exe -a C:\Users\User\Downloads\MostFun-AliceGreenfingers.exe -d "C:\Program Files\Mozilla Firefox"
Task: {8ED4C510-AC55-4E81-BAFE-7E14E3057FC3} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9532703A-89D8-44B9-A93F-57991BCF286E} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {9CA3ADEB-1C25-4519-BBCA-2A2562FA1216} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E49D608-F3BB-45C4-9E13-96A265C87178} - System32\Tasks\{20E7AAFF-D1D3-44EE-9C61-EC536F1301A4} => pcalua.exe -a C:\Users\User\Downloads\Shockwave_Installer_Slim(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {A8069E3F-77A5-4732-BD5F-ABE150C2BD9D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {A846F772-2615-4772-9EFC-EEAAFF0E705B} - System32\Tasks\{7609A13F-987A-42CF-ACD7-2B486192D64D} => Chrome.exe http://ui.skype.com/...eligiblebrowser
Task: {ADB2CC34-8CD4-4D85-95F3-11A399EDD93A} - System32\Tasks\Uninstaller_SkipUac_User => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-02-25] (IObit)
Task: {B30EFF16-BF79-4529-B48E-CDD4CEE47AF6} - System32\Tasks\{49BD601D-4EF8-4212-A8CB-721025105856} => C:\Program Files\MostFun\HeroesofHellas\game.exe
Task: {BB56D7FE-84FE-4430-9291-DE31702A45EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {C2F37DB4-70B3-4512-A59C-D87535D45802} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {C39DC1AB-CEF4-4CA6-8759-5AD31AD313A0} - System32\Tasks\{44697339-8CD4-4D87-AC9E-B1FB6795CEBB} => pcalua.exe -a C:\Users\User\Desktop\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Desktop
Task: {D2DC7330-6327-44D8-BC2F-7EB0D2699C25} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
Task: {D642B505-8B33-4423-808B-6FC0A013B9DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-25] (Adobe Systems Incorporated)
Task: {D8BF779F-02BC-43F1-AFBC-B2FEF2E06E36} - System32\Tasks\Real Player online update program => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {D9A2CB5D-65DA-4E56-92CC-7EA4A64D5E81} - System32\Tasks\{0547064D-DEF4-4974-9118-363654A9FDA8} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {DCE555C0-C6A0-45C3-BAE9-7B8FAA34A6E5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E1737EB2-A2E7-44F7-AB6D-D8713A98973C} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-21] (Siber Systems)
Task: {E6131A85-C447-4BC1-BE9C-FAC5157B9457} - System32\Tasks\{64C5F840-75C7-476C-85CE-6FAC09218037} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
Task: {EA576C5D-754E-45F2-BFAF-EFC358395475} - System32\Tasks\{97A61C17-B5EE-4468-AEF4-97888E1CCB8F} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {EA96CC01-11E3-44A1-B5A6-9112ABA2652C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: {EDC6164A-1E23-4EDB-A508-1AD325B14F84} - System32\Tasks\{4448998A-9201-4534-B754-A54F4161D074} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {F691F962-614B-4E3E-9D4E-A9309806F902} - System32\Tasks\{0CFBB036-AB2E-4437-820E-C84B27A05FC1} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {F7238D14-03C3-4409-894F-EB4AB00D19DC} - System32\Tasks\{708C0D35-1D80-41A6-9694-791D05EF6EC4} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
Task: {F75141E0-2799-41D1-B0E0-66B9E160BE81} - System32\Tasks\{5DF228DD-88D3-4B83-9E2A-E0C4819A0295} => pcalua.exe -a C:\Users\User\Desktop\dips64-setup.exe -d C:\Users\User\Desktop
Task: {F8F96CEA-F891-46FA-8E7D-890713D1D97A} - System32\Tasks\{20D88817-FDC1-42D6-982E-15A872542E55} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
Task: {FAC084F0-4C38-409D-80A1-37C4956E9370} - System32\Tasks\{BFD45D47-291B-4732-B969-BBA93DA76939} => C:\AeriaGames\EdenEternal\aeria_launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-01 14:08 - 2014-08-01 14:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-02-26 16:38 - 2015-02-26 16:38 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022600\algo.dll
2015-02-27 12:09 - 2015-02-27 12:09 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022700\algo.dll
2011-11-21 19:59 - 2011-10-03 19:59 - 00027976 _____ () C:\Windows\System32\solidlocalmon.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2009-10-24 20:17 - 2007-09-21 02:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-01 14:08 - 2014-08-01 14:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2014-05-17 01:37 - 2014-05-17 01:37 - 00506664 _____ () C:\Program Files\Hotspot Shield\bin\HssRep.dll
2014-05-16 23:34 - 2014-05-16 23:34 - 00430344 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-27 12:10 - 2015-02-27 12:10 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprdwldn.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-26 20:25 - 2015-02-27 12:34 - 00158720 _____ () C:\Users\User\AppData\Local\Temp\sfareca00001.dll
2015-02-13 15:55 - 2015-02-27 12:34 - 00192512 _____ () C:\Users\User\AppData\Local\Temp\sfamcc00001.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Desktop\Zeugnis-Monika-Spiegel-2.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Downloads\poppy pic.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4165335087-975643669-458432890-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk => C:\Windows\pss\OfficeSAS.lnk.CommonStartup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Amazon Music => "C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => c:\program files\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BCSSync => "c:\program files\microsoft office\office14\bcssync.exe" /delayservices
MSCONFIG\startupreg: DivXMediaServer => c:\program files\divx\divx media server\divxmediaserver.exe
MSCONFIG\startupreg: DivXUpdate => "c:\program files\divx\divx update\divxupdate.exe" /checknow
MSCONFIG\startupreg: FreeRAM XP => "c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe" -win
MSCONFIG\startupreg: GameXN GO => "c:\programdata\gamexn\gamexngo.exe" /startup
MSCONFIG\startupreg: KiesPreload => c:\program files\samsung\kies\kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => c:\program files\samsung\kies\kiestrayagent.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "c:\program files\quicktime alternative\qttask.exe" -atboottime
MSCONFIG\startupreg: Screen Highlighter => C:\Program Files\Screen Highlighter\shl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4165335087-975643669-458432890-500 - Administrator - Disabled)
Guest (S-1-5-21-4165335087-975643669-458432890-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4165335087-975643669-458432890-1002 - Limited - Enabled)
User (S-1-5-21-4165335087-975643669-458432890-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2015 00:10:14 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 07:39:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1089885

Error: (02/26/2015 07:39:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1089885

Error: (02/26/2015 07:39:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2015 07:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1088887

Error: (02/26/2015 07:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1088887

Error: (02/26/2015 07:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2015 07:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1087857

Error: (02/26/2015 07:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1087857

Error: (02/26/2015 07:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/27/2015 00:12:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/27/2015 00:12:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (02/27/2015 00:08:58 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (02/27/2015 00:08:58 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (02/27/2015 00:08:58 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942523.

Error: (02/26/2015 09:04:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/26/2015 06:50:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/26/2015 06:50:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (02/26/2015 06:48:06 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (02/26/2015 06:48:06 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.


Microsoft Office Sessions:
=========================
Error: (02/27/2015 00:10:14 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 07:39:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1089885

Error: (02/26/2015 07:39:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1089885

Error: (02/26/2015 07:39:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2015 07:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1088887

Error: (02/26/2015 07:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1088887

Error: (02/26/2015 07:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2015 07:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1087857

Error: (02/26/2015 07:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1087857

Error: (02/26/2015 07:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD Athlon™ II P320 Dual-Core Processor
Percentage of memory in use: 80%
Total physical RAM: 1786.9 MB
Available physical RAM: 350.89 MB
Total Pagefile: 3573.8 MB
Available Pagefile: 1737.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.73 GB) (Free:131.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: () (Fixed) (Total:73.36 GB) (Free:59.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4C3F8CFC)
Partition 1: (Active) - (Size=224.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#102
janji


FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by User (administrator) on USER-PC on 27-02-2015 12:51:01
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Solid Documents, LLC) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(J. Eric Vaughan) C:\Program Files\Stay On Top\StayOnTop.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Almico Software (almico.com)) C:\Program Files\SpeedFan\speedfan.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-21] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stay On Top.lnk
ShortcutTarget: Stay On Top.lnk -> C:\Windows\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler: linkscanner - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default
FF Homepage: https://my.yahoo.com/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\searchplugins\google-images.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Clear Recent History... + - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-04]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
FF Extension: Double-click To Reload Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: FireRainbow - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Password Hasher - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-10-12]
FF Extension: Remove Cookies for Site - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-08-05]
FF Extension: Lightshot (screenshot tool) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-12-04]
FF Extension: AddThis - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-01-13]
FF Extension: New Tab King - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-10-15]
FF Extension: AmazonOnClick - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-29]
FF Extension: Duplicate This Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
FF Extension: Gmail panel - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-23]
FF Extension: AOL One Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-26]
FF Extension: Dictionary Extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-04]
FF Extension: Open in Private Browsing Mode - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-01-31]
FF Extension: Google™ Translator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-13]
FF Extension: LanguageToolFx - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Mail Preview - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-06]
FF Extension: Personas Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: RSS Icon in url bar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-03]
FF Extension: Simple White - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Simple Timer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Tabbed View Source - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Facebook Phishing Protector - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-10-09]
FF Extension: abcTajpu - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi [2014-08-05]
FF Extension: ProxTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-09-08]
FF Extension: Bluhell Firewall - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-06]
FF Extension: Google  Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2015-01-10]
FF Extension: MeasureIt - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-12-25]
FF Extension: Google Reverse Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2015-01-10]
FF Extension: Reload Tab On Double-Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}.xpi [2014-08-05]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-08-05]
FF Extension: QuickNote - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2015-02-03]
FF Extension: Search By Image (by Google) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2014-10-15]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-16]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2015-02-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-25]
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-25]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-03-11]
FF HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-04]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-04]
CHR Extension: (RoboForm) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-11]

Opera:
=======
OPR StartupUrls: "https://my.yahoo.com...s=X2CddkC8XgE&"
OPR Extension: (Facebook and Youtube Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbnaecmeebnefmbepifgdkllmgcnikmh [2014-09-21]
OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmbpnlkamenjkedgaedpjfdmjpldcjpj [2014-11-03]
OPR Extension: (MediaPlus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnoagnjlblajeghmbaejnfhekofbecd [2014-11-14]
OPR Extension: (Youtube to mp3 converter) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\geioidjhliialbjcekeejcodiahfplgb [2014-02-14]
OPR Extension: (Facebook, Youtube or any web site Unblocker) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcgpiijgdhilioddgebgegabcjgfgccj [2014-11-03]
OPR Extension: (Web Developer) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kddhmaadmaklcieonhggddempagbakph [2014-05-11]
OPR Extension: (Download Chrome Extension) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2014-02-13]
OPR Extension: (SiteNotes) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\leeaiockmjkojafakgpocdekmjnnpcpg [2014-02-13]
OPR Extension: (TVP.PL Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\lpbhfckilgccpclafjiapbcelgpfmjfa [2014-11-14]
OPR Extension: (Download YouTube Videos as MP4) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\maeombkgfpjdnjkhohbjachnnmpbipol [2014-03-19]
OPR Extension: (Amazon for Opera) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2015-02-05]
OPR Extension: (User CSS) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mncnlbhenhkojjdpjpbajnmmcdnlbkmp [2014-03-05]
OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\noigcpeehjnfkmkfgklkjlojbapbdcpg [2014-12-21]
OPR Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-02-13]
OPR Extension: (RoboForm) - C:\Program Files\Siber Systems\AI RoboForm\Opera [2014-03-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-22] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-07] (ArcSoft Inc.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2000-01-01] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
R2 SPDFCreatorReadSpool; C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [180552 2011-10-03] (Solid Documents, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-12-04] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3234304 2013-08-25] (Qualcomm Atheros Communications, Inc.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-22] (Avanquest Software) [File not signed]
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-07-20] (ManyCam LLC)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-26] ()
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
R2 windrvNT; C:\Windows\system32\windrvNT.sys [35363 2010-07-27] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 12:51 - 2015-02-27 12:51 - 00032670 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-26 19:14 - 2015-02-26 19:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-26 19:09 - 2015-02-26 19:09 - 00000925 _____ () C:\Users\User\Desktop\SpeedFan.lnk
2015-02-26 19:08 - 2015-02-26 19:08 - 02218504 _____ () C:\Users\User\Desktop\instspeedfan451.exe
2015-02-26 17:20 - 2015-02-26 17:20 - 00061440 _____ ( ) C:\Users\User\Desktop\VEW(1).exe
2015-02-25 22:14 - 2015-02-25 22:14 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-02-25 22:06 - 2015-02-26 18:59 - 00000000 ____D () C:\Users\User\Desktop\New folder
2015-02-25 21:48 - 2015-02-25 21:48 - 00001053 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-02-25 21:48 - 2015-02-25 21:48 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-25 21:38 - 2015-02-25 21:38 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-02-25 21:20 - 2015-02-25 21:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\ProductData
2015-02-25 21:19 - 2015-02-25 21:22 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-25 21:19 - 2015-02-25 21:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\IObit
2015-02-25 21:19 - 2015-02-25 21:19 - 00001170 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-02-25 21:19 - 2015-02-25 21:19 - 00001146 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-02-25 21:19 - 2015-02-25 21:19 - 00000000 ____D () C:\Users\User\AppData\IObit
2015-02-25 20:19 - 2015-02-25 20:19 - 00000000 ____D () C:\Windows\system32\config\temp
2015-02-24 15:26 - 2015-02-24 15:39 - 00000000 ____D () C:\Windows\system32\config\backup
2015-02-13 15:55 - 2015-02-26 19:09 - 00000045 _____ () C:\Windows\system32\initdebug.nfo
2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-02-13 00:46 - 2015-02-13 00:46 - 23308373 _____ () C:\Users\User\Desktop\Sister in Danger - SIMPONI (Music Syndicate of Earth Dwellers) @simponii.mp4
2015-02-12 18:53 - 2015-02-12 18:53 - 00000610 _____ () C:\junk.txtnotepad
2015-02-12 18:50 - 2015-02-12 19:35 - 00006292 _____ () C:\junk.txt
2015-02-11 12:44 - 2015-02-11 12:44 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-02-10 21:06 - 2015-02-10 21:06 - 00027517 _____ () C:\ComboFix.txt
2015-02-10 20:46 - 2015-02-10 21:06 - 00000000 ____D () C:\Qoobox
2015-02-10 20:23 - 2015-02-27 12:34 - 00000000 ____D () C:\Program Files\SpeedFan
2015-02-10 20:23 - 2015-02-26 19:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-02-10 20:01 - 2015-02-10 20:09 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-10 18:30 - 2015-02-11 21:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-10 17:26 - 2015-02-26 19:00 - 00002176 _____ () C:\VEW.txt
2015-02-10 17:24 - 2015-02-10 17:24 - 00061440 _____ ( ) C:\Users\User\Desktop\VEW.exe
2015-02-10 16:55 - 2015-02-10 16:55 - 00650392 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\autoruns.exe
2015-02-10 14:12 - 2015-02-27 12:51 - 00000000 ____D () C:\FRST
2015-02-10 14:11 - 2015-02-25 22:14 - 01127424 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-02-10 13:59 - 2015-02-10 13:59 - 01388274 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-02-10 13:38 - 2015-02-10 13:38 - 02112512 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\ProgramData\ATI
2015-02-09 21:06 - 2015-02-09 21:06 - 00006222 _____ () C:\Windows\DPINST.LOG
2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\DIFX
2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\AMD
2015-02-09 21:06 - 2009-12-22 02:26 - 00030392 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-02-09 21:05 - 2015-02-09 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-02-09 12:17 - 2015-02-09 12:17 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2015-02-09 12:02 - 2015-02-09 20:53 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2015-02-09 11:52 - 2010-02-05 09:50 - 03013344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-09 11:52 - 2010-02-05 09:50 - 02622496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 01640992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-09 11:52 - 2010-02-05 09:50 - 00371232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00357576 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00168648 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00145760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00096160 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00062664 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00057376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00000712 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hp
2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-09 00:13 - 2015-02-09 00:13 - 08998130 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rains A-Gonna Fall Official - YouTube.mp4
2015-02-07 15:04 - 2015-02-07 15:05 - 08749661 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rain's A-Gonna Fall [Official].mp4
2015-02-06 22:33 - 2015-02-06 22:33 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-06 22:33 - 2015-02-06 22:33 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-06 22:01 - 2015-02-27 12:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-05 01:40 - 2015-02-05 01:40 - 15795631 _____ () C:\Users\User\Desktop\Hollywood Undead - Outside (Official Lyric Video).mp4
2015-02-05 01:31 - 2015-02-05 01:32 - 20690486 _____ () C:\Users\User\Desktop\Jes Ebrahim - Keamanan (Promo MV).mp4
2015-02-03 17:14 - 2015-02-03 17:16 - 3869692740 _____ () C:\Users\User\Documents\User-PcMediaIDbin.zip
2015-02-02 13:19 - 2015-02-02 13:19 - 182002016 _____ (Igor Pavlov) C:\Users\User\Downloads\nero7PremiumReloaded.exe
2015-02-02 01:08 - 2015-02-02 01:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\MMFApplications

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 12:51 - 2009-10-24 22:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-27 12:47 - 2009-10-24 19:57 - 01946367 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 12:36 - 2014-03-09 00:18 - 00000000 ___RD () C:\Users\User\Desktop\new pics
2015-02-27 12:17 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 12:17 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-27 12:11 - 2013-05-20 19:46 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-27 12:10 - 2013-05-20 19:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-27 12:08 - 2014-08-19 23:25 - 00018676 _____ () C:\Windows\setupact.log
2015-02-27 12:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 20:28 - 2009-10-24 22:53 - 00384248 _____ () C:\Windows\system32\prfh0804.dat
2015-02-26 20:28 - 2009-10-24 22:53 - 00119918 _____ () C:\Windows\system32\prfc0804.dat
2015-02-26 20:28 - 2009-10-24 20:05 - 02115974 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-26 19:13 - 2013-12-15 19:30 - 10366976 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-02-26 18:47 - 2014-08-19 23:25 - 00040416 _____ () C:\Windows\PFRO.log
2015-02-26 18:47 - 2011-01-01 11:58 - 00000000 ____D () C:\Program Files\IObit
2015-02-26 18:46 - 2013-11-10 15:09 - 00000384 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2015-02-26 18:20 - 2012-07-14 23:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 16:38 - 2013-11-10 15:09 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-26 16:37 - 2009-07-14 05:33 - 02518864 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-26 16:36 - 2014-12-11 14:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-26 16:36 - 2014-05-06 21:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-26 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-02-26 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-25 23:20 - 2012-07-14 23:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-25 23:20 - 2012-07-14 23:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-25 21:53 - 2015-01-18 16:49 - 00000000 ____D () C:\Program Files\paint.net
2015-02-25 21:52 - 2012-07-29 18:03 - 00000000 ____D () C:\Program Files\Pale Moon
2015-02-25 21:48 - 2013-07-05 20:19 - 00000000 ____D () C:\Program Files\Opera
2015-02-25 21:21 - 2011-01-01 12:01 - 00000000 ____D () C:\ProgramData\IObit
2015-02-25 19:41 - 2012-05-17 17:50 - 00109696 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-13 20:29 - 2013-08-22 14:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-13 20:15 - 2011-11-21 17:38 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 20:10 - 2013-09-14 11:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileAdvisor
2015-02-13 20:08 - 2013-09-13 18:48 - 00000000 ____D () C:\Program Files\File Type Advisor
2015-02-13 19:11 - 2013-05-20 19:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 18:36 - 2014-12-17 17:51 - 00000000 ___RD () C:\Users\User\Desktop\BYE
2015-02-13 18:12 - 2015-01-12 14:50 - 00000000 ___RD () C:\Users\User\Desktop\scrapBYE
2015-02-13 18:11 - 2013-09-07 20:45 - 00097280 ____H () C:\Users\User\Desktop\photothumb.db
2015-02-12 20:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-12 20:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-12 18:21 - 2012-11-23 16:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-12 18:15 - 2014-03-23 00:31 - 00000000 ___RD () C:\Users\User\Desktop\Security
2015-02-11 21:39 - 2011-11-15 21:55 - 00000000 ____D () C:\Windows\ERDNT
2015-02-11 14:36 - 2013-12-18 20:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 14:35 - 2009-10-24 20:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 14:35 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 12:42 - 2013-12-04 00:12 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2015-02-10 17:42 - 2011-11-10 10:07 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-10 17:19 - 2009-10-24 22:36 - 00000000 ____D () C:\Windows\pss
2015-02-10 13:48 - 2013-09-13 20:10 - 00000000 ____D () C:\AdwCleaner
2015-02-09 21:05 - 2013-12-18 20:36 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-09 11:53 - 2013-11-10 15:49 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-09 11:53 - 2013-11-10 15:48 - 00000000 ___HD () C:\Program Files\Temp
2015-02-09 11:52 - 2009-10-24 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-09 04:08 - 2014-07-16 08:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 22:43 - 2013-07-01 14:04 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 18:55 - 2015-01-18 21:32 - 00000000 ____D () C:\Users\User\Desktop\CafePress
2015-02-03 16:45 - 2013-09-05 13:10 - 00000000 ___RD () C:\Users\User\Desktop\friends;me
2015-02-03 16:42 - 2012-09-03 20:19 - 00000000 ___RD () C:\Users\User\Desktop\pics
2015-01-30 20:10 - 2012-09-03 20:17 - 00000000 ___RD () C:\Users\User\Desktop\family pics and recordings
2015-01-29 12:44 - 2009-10-24 20:42 - 00000000 ____D () C:\ProgramData\Temp

==================== Files in the root of some directories =======

2013-08-18 22:52 - 2013-09-30 11:14 - 0000115 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2013-08-18 22:52 - 2013-09-30 11:14 - 0000005 _____ () C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
2013-11-30 21:51 - 2014-05-11 15:41 - 0174615 _____ () C:\Users\User\AppData\Local\ars.cache
2013-11-30 21:52 - 2014-05-11 15:42 - 0362748 _____ () C:\Users\User\AppData\Local\census.cache
2012-07-16 20:40 - 2012-07-16 20:40 - 0027520 _____ () C:\Users\User\AppData\Local\dt.dat
2013-11-26 19:38 - 2013-11-26 19:38 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-01-18 15:32 - 2015-01-18 15:32 - 0003045 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2010-12-16 18:20 - 2010-12-16 18:20 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\User\jagex_cl_runescape_LIVE.dat
C:\Users\User\random.dat


Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprdwldn.dll
C:\Users\User\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\User\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\User\AppData\Local\temp\Quarantine.exe
C:\Users\User\AppData\Local\temp\RSPUpgradeInstaller.exe
C:\Users\User\AppData\Local\temp\sfamcc00001.dll
C:\Users\User\AppData\Local\temp\sfareca00001.dll
C:\Users\User\AppData\Local\temp\sfextra.dll
C:\Users\User\AppData\Local\temp\SkypeSetup.exe
C:\Users\User\AppData\Local\temp\smt_mystartsearch.exe
C:\Users\User\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 14:55

==================== End Of Log ============================


  • 0

#103
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Can you go in to msconfig and enable all of the things you have unchecked and reboot?

 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk => C:\Windows\pss\OfficeSAS.lnk.CommonStartup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Amazon Music => "C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => c:\program files\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BCSSync => "c:\program files\microsoft office\office14\bcssync.exe" /delayservices
MSCONFIG\startupreg: DivXMediaServer => c:\program files\divx\divx media server\divxmediaserver.exe
MSCONFIG\startupreg: DivXUpdate => "c:\program files\divx\divx update\divxupdate.exe" /checknow
MSCONFIG\startupreg: FreeRAM XP => "c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe" -win
MSCONFIG\startupreg: GameXN GO => "c:\programdata\gamexn\gamexngo.exe" /startup
MSCONFIG\startupreg: KiesPreload => c:\program files\samsung\kies\kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => c:\program files\samsung\kies\kiestrayagent.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "c:\program files\quicktime alternative\qttask.exe" -atboottime
MSCONFIG\startupreg: Screen Highlighter => C:\Program Files\Screen Highlighter\shl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Spotify => "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

 

None of them seem to be evil and it would be better to uninstall the program if you don't want it.

 

I would uninstall:

 

uninstall:
 
Yahoo! Software Update - No Yahoo software to update
Windows Live Essentials - includes MSN Messenger which you have blocked with msconfig.  Totally worthless program as far as I am concerned but some people use it.  Poorly written and causes errors.  Foisted on people as part of optional windows updates.
Surfing Protection - Part of Advanced System Care
SlimDrivers - not needed
IObit Uninstaller - part of Advanced System Care that we have already removed.
File Type Advisor 1.3 - not needed, usually adware
AVG 2013 - already gone
ArcSoft WebCam Companion 3 - causing errors
Bonjour - Causing errors
 
plus any of the programs in msconfig that you don't want.
 
Then run FRST again so I can make sure nothing got left behind.
 
Also let's check for errors again:
 
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 

  • 0
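Reading the report that the VEW steps above produce, as an added example (not part of the original post and not code from VEW's author): a Python parser for the VEW report layout posted earlier in this thread. It groups Error/Warning records by source and can keep only those logged after the log was cleared and the machine rebooted. The sample report is constructed in that layout; the function names and the cutoff time are assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime

Event = namedtuple("Event", "log when type event_id source message")

# Line shapes taken from the VEW report layout posted in this thread.
HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s*$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: \d+\s*$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+?)\s*$")

# Constructed sample report (hypothetical input, same layout as the thread's logs).
SAMPLE = r"""
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/02/2015 17:34:43

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/02/2015 15:37:52
Type: Error Category: 0
Event: 0 Source: SetupARService
Service cannot be started.

Log: 'Application' Date/Time: 26/02/2015 15:36:29
Type: Error Category: 0
Event: 0 Source: AdvancedSystemCareService8
The event description cannot be found.

Log: 'Application' Date/Time: 26/02/2015 15:36:29
Type: Error Category: 0
Event: 0 Source: AdvancedSystemCareService8
The event description cannot be found.

Log: 'Application' Date/Time: 26/02/2015 14:25:14
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "c:\program files\keyscrambler\x64\KeyScrambler.exe".
"""


def parse_vew(text):
    """Return one Event per 'Log:' record; banner and separator lines are skipped."""
    lines = text.splitlines()
    events, i = [], 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        kind = TYPE.match(lines[i + 1]) if head and i + 1 < len(lines) else None
        ident = EVENT.match(lines[i + 2]) if kind and i + 2 < len(lines) else None
        if not ident:
            i += 1
            continue
        i += 3
        message = []
        # The description runs until a blank line, a separator or the next record.
        while (i < len(lines) and lines[i].strip()
               and not lines[i].startswith("~~~") and not HEADER.match(lines[i])):
            message.append(lines[i].strip())
            i += 1
        events.append(Event(
            log=head["log"],
            # VEW states that dates are dd/mm/yyyy, so parse them explicitly.
            when=datetime.strptime(head["ts"], "%d/%m/%Y %H:%M:%S"),
            type=kind["type"], event_id=int(ident["id"]),
            source=ident["src"], message=" ".join(message)))
    return events


def since(events, cutoff):
    """Keep events logged at or after cutoff (e.g. the reboot after clearing the log)."""
    return [ev for ev in events if ev.when >= cutoff]


def summarize(events):
    """Group by (log, source, event id); most frequent first, then by key."""
    groups = {}
    for ev in events:
        g = groups.setdefault((ev.log, ev.source, ev.event_id),
                              {"count": 0, "last": ev.when, "sample": ev.message})
        g["count"] += 1
        g["last"] = max(g["last"], ev.when)
    return sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[0]))


if __name__ == "__main__":
    # Hypothetical cutoff: only look at what was logged after 15:00 on 26/02/2015.
    recent = since(parse_vew(SAMPLE), datetime(2015, 2, 26, 15, 0, 0))
    for (log, source, event_id), g in summarize(recent):
        print(f"{g['count']:>3}x {log}/{source} (event {event_id}) "
              f"last {g['last']:%d/%m/%Y %H:%M:%S}: {g['sample'][:60]}")
```

Sources that still appear after the cutoff are the ones worth chasing; a source that only shows up before it was logged before the clear and reboot.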

#104
janji


    Member

  • Topic Starter
  • Member
  • 210 posts

Done,

 

FRST addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015 01
Ran by User at 2015-02-27 17:02:40
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Sticky Notes (HKLM\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AGEIA PhysX v2.6.0 (HKLM\...\{582876EC-A178-44D4-9823-C10D6C62EAFF}) (Version: 2.6.0.4 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{121A3F18-E386-B7EF-CEEB-32864884E594}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
AVG 2013 (HKLM\...\{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}) (Version: 13.0.2741 - AVG Technologies)
AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Deep Space Nine  The Fallen (HKLM\...\{783E0AD7-C128-4398-9F74-99D3EFF2875D}) (Version:  - )
Desktop Icon Position Saver (64-bit) (HKLM\...\dips64) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter Studio 8.2 (HKLM\...\Free YouTube to MP3 Converter Studio_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\HappyCloud) (Version: 3.72 - Happy Cloud, Inc.)
Hotspot Shield 3.42 (HKLM\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)
K-Lite Mega Codec Pack 5.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MostFun.com Games - Super Granny 4 (remove only) (HKLM\...\MostFun.com Games - Super Granny 4) (Version: 3.4.16.27 - )
Mozilla Firefox 36.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 36.0 (x86 en-GB)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\MyFreeCodec) (Version:  - )
Nero 8 Essentials (HKLM\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
Opera Stable 22.0.1471.50 (HKU\.DEFAULT\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
Opera Stable 23.0.1522.60 (HKLM\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
Opera Stable 27.0.1689.66 (HKLM\...\Opera 27.0.1689.66) (Version: 27.0.1689.66 - Opera Software ASA)
Opera Stable 27.0.1689.76 (HKLM\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PixBuilder Studio 2.2.0 (HKLM\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version:  - WnSoft)
Qualcomm Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTime Alternative 2.9.2 (HKLM\...\QuicktimeAlt_is1) (Version: 2.9.2 - )
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
RoboForm 7-9-11-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-11-5 - Siber Systems)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Screen Highlighter 1.0 (HKLM\...\Screen Highlighter_is1) (Version:  - Harmony Hollow Software)
Screencast-O-Matic (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Secunia PSI (3.0.0.9015) (HKLM\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.8 - IObit)
SolidPDFCreator (HKLM\...\{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}) (Version: 7.1.879.0 - SolidDocuments)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
SPEEDLINK Strike 2 Gamepad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Spotify (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Stay On Top (HKLM\...\{5C6C0192-BA75-4932-8931-B2FF88346E49}) (Version: 1.0.0 - J. Eric Vaughan)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Super Granny 4 (Version: 3.4.16.27 - Sandlot) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1012 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VS10RuntimeWin32 (Version: 1.0.0 - immunet) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
ZTE Handset USB Driver 5.2066.1.8B02 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.8B02 - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

26-02-2015 16:00:27 Windows Update
27-02-2015 16:49:29 Removed AVG 2013
27-02-2015 16:52:10 Removed Facebook Video Calling 1.2.0.287
27-02-2015 16:53:45 Removed WebCam Companion
27-02-2015 16:55:37 Removed Bonjour

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-01-31 13:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02345B74-772A-44F8-A563-F33F7F68A837} - System32\Tasks\{FBC71A6A-8D24-4264-8D8B-660359524319} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {041FCAE9-E352-431F-AD25-C26D4623EB5F} - System32\Tasks\{1F529A44-4E7F-4EEB-9387-B009EA33FE4D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {07F84AF2-E58C-4301-8826-B096055D02D9} - System32\Tasks\{B89786A5-2A46-4517-B0E7-508247CF0832} => pcalua.exe -a C:\Users\User\Downloads\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Downloads
Task: {0DCD5759-D02C-4EB7-BC32-41D7D06D35EA} - System32\Tasks\{C0CCC3A8-5FC2-4086-A869-3E21F7C524E9} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {1C8D0C93-7DAB-4682-8789-8366FB00127C} - System32\Tasks\{A0E4CF2F-63B1-4231-85A6-214419F70C0E} => pcalua.exe -a C:\Users\User\Desktop\StayOnTopSetup\setup.exe -d C:\Users\User\Desktop\StayOnTopSetup
Task: {1CB5B6C4-90E4-45C9-9496-17458C2181AD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1ECD887F-0104-4DD7-A710-9C5395C6A951} - System32\Tasks\{4EEFC9EF-F5CB-4779-ACE9-E6E142F3A2A7} => pcalua.exe -a C:\Users\User\Downloads\StickMen2.exe -d C:\Users\User\Downloads
Task: {1FFB5CAB-D0C8-4971-A6C6-52243A608C52} - System32\Tasks\{B0A60467-7396-4B3F-9092-61133D6E365D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {29A3B4DA-2552-4B1B-AC98-0DAA160CD171} - System32\Tasks\{E06706D7-83A8-4D3F-A875-DC73898C373C} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {342242AF-68DC-48E8-BAD2-FCF35B2790C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {45530A69-1F35-4D06-B41F-94B1594EDF7E} - System32\Tasks\{9A8EB359-4F7E-4308-9493-BB15F09E0C58} => C:\Program Files\MostFun\HeroesofHellas\game.exe
Task: {45EF2C7E-71D1-4ED0-A13A-1BF2A768DBCB} - System32\Tasks\{DC4EA453-4ECE-4831-96CD-7EE3A2282ADC} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {4AAB2EDD-0C71-45BA-B6F5-F8234615B974} - System32\Tasks\Opera scheduled Autoupdate 1424897303 => C:\Program Files\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {5279F69B-9D40-4913-9505-511F29BFC7A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {67349CB0-9F9D-4F4D-AC84-0B4FBDCE1198} - System32\Tasks\{7B007186-814F-435A-A7CD-69CD63A1639D} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {6B075062-6B5A-4E41-A30C-F0042246B8F0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {7FE76F22-AFA4-4FA4-8DAC-DF486E0A0A7C} - System32\Tasks\{8D186181-64A7-4DE8-BF9E-56CE8C036859} => pcalua.exe -a C:\Users\User\Downloads\MostFun-TriJinx.exe -d C:\Users\User\Downloads
Task: {8684D3B5-3133-4FC4-9DA0-BDD6DC8C6D65} - System32\Tasks\{6B96F45F-3BA0-4757-B275-DF5FD615EF3E} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
Task: {86908A13-EF76-44A2-9128-6CB4E28B1C03} - System32\Tasks\{D8D22849-AEE6-403E-8BF2-E57B7BAECE7E} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {8B1D7F29-DEAE-4408-B06A-D4E32ED49061} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {8D439F5F-3404-43D0-946A-B5E3B04868E8} - System32\Tasks\{D5600665-28E8-4C8B-8689-40461E7213A5} => pcalua.exe -a C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe -d C:\Users\User\Desktop\Desktop_Icons
Task: {8EB924C6-7440-4431-B478-7347952D07C2} - System32\Tasks\{A4285F0B-0CAB-49D5-AE51-D915A239085A} => pcalua.exe -a C:\Users\User\Downloads\MostFun-AliceGreenfingers.exe -d "C:\Program Files\Mozilla Firefox"
Task: {8ED4C510-AC55-4E81-BAFE-7E14E3057FC3} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9CA3ADEB-1C25-4519-BBCA-2A2562FA1216} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E49D608-F3BB-45C4-9E13-96A265C87178} - System32\Tasks\{20E7AAFF-D1D3-44EE-9C61-EC536F1301A4} => pcalua.exe -a C:\Users\User\Downloads\Shockwave_Installer_Slim(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {A8069E3F-77A5-4732-BD5F-ABE150C2BD9D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {A846F772-2615-4772-9EFC-EEAAFF0E705B} - System32\Tasks\{7609A13F-987A-42CF-ACD7-2B486192D64D} => Chrome.exe http://ui.skype.com/...eligiblebrowser
Task: {B30EFF16-BF79-4529-B48E-CDD4CEE47AF6} - System32\Tasks\{49BD601D-4EF8-4212-A8CB-721025105856} => C:\Program Files\MostFun\HeroesofHellas\game.exe
Task: {BB56D7FE-84FE-4430-9291-DE31702A45EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {C2F37DB4-70B3-4512-A59C-D87535D45802} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {C39DC1AB-CEF4-4CA6-8759-5AD31AD313A0} - System32\Tasks\{44697339-8CD4-4D87-AC9E-B1FB6795CEBB} => pcalua.exe -a C:\Users\User\Desktop\YouTube-Unblocker-fr-Opera-Setup.exe -d C:\Users\User\Desktop
Task: {D2DC7330-6327-44D8-BC2F-7EB0D2699C25} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
Task: {D642B505-8B33-4423-808B-6FC0A013B9DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-25] (Adobe Systems Incorporated)
Task: {D8BF779F-02BC-43F1-AFBC-B2FEF2E06E36} - System32\Tasks\Real Player online update program => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {D9A2CB5D-65DA-4E56-92CC-7EA4A64D5E81} - System32\Tasks\{0547064D-DEF4-4974-9118-363654A9FDA8} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {DCE555C0-C6A0-45C3-BAE9-7B8FAA34A6E5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E1737EB2-A2E7-44F7-AB6D-D8713A98973C} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-21] (Siber Systems)
Task: {E6131A85-C447-4BC1-BE9C-FAC5157B9457} - System32\Tasks\{64C5F840-75C7-476C-85CE-6FAC09218037} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
Task: {EA576C5D-754E-45F2-BFAF-EFC358395475} - System32\Tasks\{97A61C17-B5EE-4468-AEF4-97888E1CCB8F} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {EA96CC01-11E3-44A1-B5A6-9112ABA2652C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: {EDC6164A-1E23-4EDB-A508-1AD325B14F84} - System32\Tasks\{4448998A-9201-4534-B754-A54F4161D074} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {F691F962-614B-4E3E-9D4E-A9309806F902} - System32\Tasks\{0CFBB036-AB2E-4437-820E-C84B27A05FC1} => C:\AeriaGames\EdenEternal\aeria_launcher.exe
Task: {F7238D14-03C3-4409-894F-EB4AB00D19DC} - System32\Tasks\{708C0D35-1D80-41A6-9694-791D05EF6EC4} => C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe
Task: {F75141E0-2799-41D1-B0E0-66B9E160BE81} - System32\Tasks\{5DF228DD-88D3-4B83-9E2A-E0C4819A0295} => pcalua.exe -a C:\Users\User\Desktop\dips64-setup.exe -d C:\Users\User\Desktop
Task: {F8F96CEA-F891-46FA-8E7D-890713D1D97A} - System32\Tasks\{20D88817-FDC1-42D6-982E-15A872542E55} => C:\Program Files\DS9TheFallen\System\Ds9.exe [2000-12-04] ()
Task: {FAC084F0-4C38-409D-80A1-37C4956E9370} - System32\Tasks\{BFD45D47-291B-4732-B969-BBA93DA76939} => C:\AeriaGames\EdenEternal\aeria_launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-01 14:08 - 2014-08-01 14:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-02-27 12:09 - 2015-02-27 12:09 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022700\algo.dll
2011-11-21 19:59 - 2011-10-03 19:59 - 00027976 _____ () C:\Windows\System32\solidlocalmon.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2009-10-24 20:17 - 2007-09-21 02:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2014-05-17 01:37 - 2014-05-17 01:37 - 00506664 _____ () C:\Program Files\Hotspot Shield\bin\HssRep.dll
2014-05-16 23:34 - 2014-05-16 23:34 - 00430344 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
2014-08-01 14:08 - 2014-08-01 14:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-27 13:02 - 2015-02-27 13:02 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl8djop.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-26 20:25 - 2015-02-27 14:03 - 00158720 _____ () C:\Users\User\AppData\Local\Temp\sfareca00001.dll
2015-02-13 15:55 - 2015-02-27 14:03 - 00192512 _____ () C:\Users\User\AppData\Local\Temp\sfamcc00001.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\User\Desktop\David Byrne & Brian Eno - Life is Long.mp3:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Desktop\Zeugnis-Monika-Spiegel-2.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Downloads\poppy pic.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4165335087-975643669-458432890-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4165335087-975643669-458432890-500 - Administrator - Disabled)
Guest (S-1-5-21-4165335087-975643669-458432890-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4165335087-975643669-458432890-1002 - Limited - Enabled)
User (S-1-5-21-4165335087-975643669-458432890-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2015 04:04:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.9015, time stamp: 0x5277789f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x8cc
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (02/27/2015 04:04:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7065083

Error: (02/27/2015 04:04:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7065083

Error: (02/27/2015 04:04:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/27/2015 04:04:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7064069

Error: (02/27/2015 04:04:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7064069

Error: (02/27/2015 04:04:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/27/2015 04:04:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7063071

Error: (02/27/2015 04:04:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7063071

Error: (02/27/2015 04:04:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/27/2015 04:04:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/27/2015 01:03:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/27/2015 01:03:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (02/27/2015 01:03:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/27/2015 01:01:18 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (02/27/2015 01:01:18 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (02/27/2015 01:01:18 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942523.

Error: (02/27/2015 00:12:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/27/2015 00:12:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (02/27/2015 00:08:58 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.


Microsoft Office Sessions:
=========================
Error: (02/27/2015 04:04:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.90155277789funknown0.0.0.000000000c0000005000000008cc01d0528520d8c19bC:\Program Files\Secunia\PSI\PSIA.exeunknownf5af6060-be91-11e4-a521-c80aa9f30dbe

Error: (02/27/2015 04:04:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7065083

Error: (02/27/2015 04:04:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7065083

Error: (02/27/2015 04:04:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/27/2015 04:04:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7064069

Error: (02/27/2015 04:04:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7064069

Error: (02/27/2015 04:04:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/27/2015 04:04:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7063071

Error: (02/27/2015 04:04:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7063071

Error: (02/27/2015 04:04:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD Athlon™ II P320 Dual-Core Processor
Percentage of memory in use: 48%
Total physical RAM: 1786.9 MB
Available physical RAM: 924.39 MB
Total Pagefile: 3573.8 MB
Available Pagefile: 2389.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.73 GB) (Free:131.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: () (Fixed) (Total:73.36 GB) (Free:59.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4C3F8CFC)
Partition 1: (Active) - (Size=224.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#105
janji

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by User (administrator) on USER-PC on 27-02-2015 17:01:22
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Solid Documents, LLC) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(J. Eric Vaughan) C:\Program Files\Stay On Top\StayOnTop.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Almico Software (almico.com)) C:\Program Files\SpeedFan\speedfan.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => c:\program files\common files\apple\apple application support\apsdaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BCSSync] => c:\program files\microsoft office\office14\bcssync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] => c:\program files\divx\divx media server\divxmediaserver.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => c:\program files\divx\divx update\divxupdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [508744 2014-10-26] (QFX Software Corporation)
HKLM\...\Run: [QuickTime Task] => c:\program files\quicktime alternative\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [KiesTrayAgent] => c:\program files\samsung\kies\kiestrayagent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Aeria Ignite] => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-21] (Siber Systems)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-18] (Spotify Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Screen Highlighter] => C:\Program Files\Screen Highlighter\shl.exe [643072 2013-12-20] (Harmony Hollow Software)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-27] (Microsoft Corporation)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [KiesPreload] => c:\program files\samsung\kies\kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [GameXN GO] => "c:\programdata\gamexn\gamexngo.exe" /startup
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [FreeRAM XP] => c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe [1591808 2012-11-27] (YourWare Solutions ™)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Amazon Music] => C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
ShortcutTarget: OfficeSAS.lnk -> C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stay On Top.lnk
ShortcutTarget: Stay On Top.lnk -> C:\Windows\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler: linkscanner - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default
FF Homepage: https://my.yahoo.com/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4165335087-975643669-458432890-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\searchplugins\google-images.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Clear Recent History... + - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-04]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
FF Extension: Double-click To Reload Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: FireRainbow - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Password Hasher - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-10-12]
FF Extension: Remove Cookies for Site - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-08-05]
FF Extension: Lightshot (screenshot tool) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-12-04]
FF Extension: AddThis - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-01-13]
FF Extension: New Tab King - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2014-10-15]
FF Extension: AmazonOnClick - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-29]
FF Extension: Duplicate This Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-06]
FF Extension: Gmail panel - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-23]
FF Extension: AOL One Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-11-26]
FF Extension: Dictionary Extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-04]
FF Extension: Open in Private Browsing Mode - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-01-31]
FF Extension: Google™ Translator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-13]
FF Extension: LanguageToolFx - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Mail Preview - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-12-06]
FF Extension: Personas Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: RSS Icon in url bar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2015-02-03]
FF Extension: Simple White - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Simple Timer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Tabbed View Source - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Facebook Phishing Protector - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-10-09]
FF Extension: abcTajpu - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi [2014-08-05]
FF Extension: ProxTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-09-08]
FF Extension: Bluhell Firewall - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-02-06]
FF Extension: Google  Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2015-01-10]
FF Extension: MeasureIt - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-12-25]
FF Extension: Google Reverse Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2015-01-10]
FF Extension: Reload Tab On Double-Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}.xpi [2014-08-05]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-08-05]
FF Extension: QuickNote - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2015-02-03]
FF Extension: Search By Image (by Google) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2014-10-15]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-16]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2015-02-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-25]
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-25]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-03-11]
FF HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-04]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-04]
CHR Extension: (RoboForm) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-11]

Opera:
=======
OPR StartupUrls: "https://my.yahoo.com...s=X2CddkC8XgE&"
OPR Extension: (Facebook and Youtube Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbnaecmeebnefmbepifgdkllmgcnikmh [2014-09-21]
OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmbpnlkamenjkedgaedpjfdmjpldcjpj [2014-11-03]
OPR Extension: (MediaPlus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnoagnjlblajeghmbaejnfhekofbecd [2014-11-14]
OPR Extension: (Youtube to mp3 converter) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\geioidjhliialbjcekeejcodiahfplgb [2014-02-14]
OPR Extension: (Facebook, Youtube or any web site Unblocker) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcgpiijgdhilioddgebgegabcjgfgccj [2014-11-03]
OPR Extension: (Web Developer) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kddhmaadmaklcieonhggddempagbakph [2014-05-11]
OPR Extension: (Download Chrome Extension) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2014-02-13]
OPR Extension: (SiteNotes) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\leeaiockmjkojafakgpocdekmjnnpcpg [2014-02-13]
OPR Extension: (TVP.PL Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\lpbhfckilgccpclafjiapbcelgpfmjfa [2014-11-14]
OPR Extension: (Download YouTube Videos as MP4) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\maeombkgfpjdnjkhohbjachnnmpbipol [2014-03-19]
OPR Extension: (Amazon for Opera) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2015-02-05]
OPR Extension: (User CSS) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mncnlbhenhkojjdpjpbajnmmcdnlbkmp [2014-03-05]
OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\noigcpeehjnfkmkfgklkjlojbapbdcpg [2014-12-21]
OPR Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-02-13]
OPR Extension: (RoboForm) - C:\Program Files\Siber Systems\AI RoboForm\Opera [2014-03-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-22] (SUPERAntiSpyware.com)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2000-01-01] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
R2 SPDFCreatorReadSpool; C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [180552 2011-10-03] (Solid Documents, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-12-04] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3234304 2013-08-25] (Qualcomm Atheros Communications, Inc.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-22] (Avanquest Software) [File not signed]
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-07-20] (ManyCam LLC)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-26] ()
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
R2 windrvNT; C:\Windows\system32\windrvNT.sys [35363 2010-07-27] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 17:01 - 2015-02-27 17:02 - 00033815 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-26 19:14 - 2015-02-26 19:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-26 19:09 - 2015-02-26 19:09 - 00000925 _____ () C:\Users\User\Desktop\SpeedFan.lnk
2015-02-26 17:20 - 2015-02-26 17:20 - 00061440 _____ ( ) C:\Users\User\Desktop\VEW(1).exe
2015-02-25 22:14 - 2015-02-25 22:14 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-02-25 22:06 - 2015-02-27 17:00 - 00000000 ____D () C:\Users\User\Desktop\New folder
2015-02-25 21:48 - 2015-02-25 21:48 - 00001053 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-02-25 21:48 - 2015-02-25 21:48 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-25 21:38 - 2015-02-25 21:38 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-25 21:21 - 2015-02-25 21:21 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-02-25 21:20 - 2015-02-25 21:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\ProductData
2015-02-25 21:19 - 2015-02-25 21:22 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-25 21:19 - 2015-02-25 21:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\IObit
2015-02-25 21:19 - 2015-02-25 21:19 - 00000000 ____D () C:\Users\User\AppData\IObit
2015-02-25 20:19 - 2015-02-25 20:19 - 00000000 ____D () C:\Windows\system32\config\temp
2015-02-24 15:26 - 2015-02-24 15:39 - 00000000 ____D () C:\Windows\system32\config\backup
2015-02-13 15:55 - 2015-02-26 19:09 - 00000045 _____ () C:\Windows\system32\initdebug.nfo
2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-02-13 00:46 - 2015-02-13 00:46 - 23308373 _____ () C:\Users\User\Desktop\Sister in Danger - SIMPONI (Music Syndicate of Earth Dwellers) @simponii.mp4
2015-02-12 18:53 - 2015-02-12 18:53 - 00000610 _____ () C:\junk.txtnotepad
2015-02-12 18:50 - 2015-02-12 19:35 - 00006292 _____ () C:\junk.txt
2015-02-11 12:44 - 2015-02-11 12:44 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-02-10 21:06 - 2015-02-10 21:06 - 00027517 _____ () C:\ComboFix.txt
2015-02-10 20:46 - 2015-02-10 21:06 - 00000000 ____D () C:\Qoobox
2015-02-10 20:23 - 2015-02-27 14:03 - 00000000 ____D () C:\Program Files\SpeedFan
2015-02-10 20:23 - 2015-02-26 19:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-02-10 20:01 - 2015-02-10 20:09 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-10 18:30 - 2015-02-11 21:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-10 17:26 - 2015-02-26 19:00 - 00002176 _____ () C:\VEW.txt
2015-02-10 17:24 - 2015-02-10 17:24 - 00061440 _____ ( ) C:\Users\User\Desktop\VEW.exe
2015-02-10 16:55 - 2015-02-10 16:55 - 00650392 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\autoruns.exe
2015-02-10 14:12 - 2015-02-27 17:01 - 00000000 ____D () C:\FRST
2015-02-10 14:11 - 2015-02-25 22:14 - 01127424 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-02-10 13:59 - 2015-02-10 13:59 - 01388274 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-02-10 13:38 - 2015-02-10 13:38 - 02112512 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\ProgramData\ATI
2015-02-09 21:06 - 2015-02-09 21:06 - 00006222 _____ () C:\Windows\DPINST.LOG
2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\DIFX
2015-02-09 21:06 - 2015-02-09 21:06 - 00000000 ____D () C:\Program Files\AMD
2015-02-09 21:06 - 2009-12-22 02:26 - 00030392 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-02-09 21:05 - 2015-02-09 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-02-09 12:17 - 2015-02-09 12:17 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2015-02-09 12:02 - 2015-02-09 20:53 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2015-02-09 11:52 - 2010-02-05 09:50 - 03013344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-09 11:52 - 2010-02-05 09:50 - 02622496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 01640992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-09 11:52 - 2010-02-05 09:50 - 00371232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00357576 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00293584 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00168648 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00145760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00096160 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00062664 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00057376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
2015-02-09 11:52 - 2010-02-05 09:50 - 00000712 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hp
2015-02-09 02:19 - 2015-02-09 02:19 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-09 00:13 - 2015-02-09 00:13 - 08998130 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rains A-Gonna Fall Official - YouTube.mp4
2015-02-07 15:04 - 2015-02-07 15:05 - 08749661 _____ () C:\Users\User\Desktop\Bryan Ferry - A Hard Rain's A-Gonna Fall [Official].mp4
2015-02-06 22:33 - 2015-02-06 22:33 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-06 22:33 - 2015-02-06 22:33 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-06 22:01 - 2015-02-27 13:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-05 01:40 - 2015-02-05 01:40 - 15795631 _____ () C:\Users\User\Desktop\Hollywood Undead - Outside (Official Lyric Video).mp4
2015-02-05 01:31 - 2015-02-05 01:32 - 20690486 _____ () C:\Users\User\Desktop\Jes Ebrahim - Keamanan (Promo MV).mp4
2015-02-03 17:14 - 2015-02-03 17:16 - 3869692740 _____ () C:\Users\User\Documents\User-PcMediaIDbin.zip
2015-02-02 13:19 - 2015-02-02 13:19 - 182002016 _____ (Igor Pavlov) C:\Users\User\Downloads\nero7PremiumReloaded.exe
2015-02-02 01:08 - 2015-02-02 01:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\MMFApplications

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 16:56 - 2009-10-24 22:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-27 16:55 - 2009-10-24 22:19 - 00000000 ____D () C:\Program Files\Common Files\ArcSoft
2015-02-27 16:55 - 2009-10-24 19:57 - 01958351 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 16:54 - 2009-10-24 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-27 16:43 - 2011-01-01 11:58 - 00000000 ____D () C:\Program Files\IObit
2015-02-27 16:24 - 2010-03-16 04:41 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-02-27 16:24 - 2009-10-24 22:23 - 00000000 ____D () C:\Program Files\Yahoo!
2015-02-27 16:21 - 2009-10-24 22:36 - 00000000 ____D () C:\Windows\pss
2015-02-27 13:08 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 13:08 - 2009-07-14 05:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-27 13:02 - 2013-05-20 19:46 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-27 13:02 - 2013-05-20 19:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-27 13:01 - 2014-08-19 23:25 - 00018732 _____ () C:\Windows\setupact.log
2015-02-27 13:01 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 12:36 - 2014-03-09 00:18 - 00000000 ___RD () C:\Users\User\Desktop\new pics
2015-02-26 20:28 - 2009-10-24 22:53 - 00384248 _____ () C:\Windows\system32\prfh0804.dat
2015-02-26 20:28 - 2009-10-24 22:53 - 00119918 _____ () C:\Windows\system32\prfc0804.dat
2015-02-26 20:28 - 2009-10-24 20:05 - 02115974 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-26 19:13 - 2013-12-15 19:30 - 10366976 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-02-26 18:47 - 2014-08-19 23:25 - 00040416 _____ () C:\Windows\PFRO.log
2015-02-26 18:20 - 2012-07-14 23:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 16:38 - 2013-11-10 15:09 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-26 16:37 - 2009-07-14 05:33 - 02518864 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-26 16:36 - 2014-12-11 14:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-26 16:36 - 2014-05-06 21:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-26 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-02-26 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-25 23:20 - 2012-07-14 23:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-25 23:20 - 2012-07-14 23:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-25 21:53 - 2015-01-18 16:49 - 00000000 ____D () C:\Program Files\paint.net
2015-02-25 21:52 - 2012-07-29 18:03 - 00000000 ____D () C:\Program Files\Pale Moon
2015-02-25 21:48 - 2013-07-05 20:19 - 00000000 ____D () C:\Program Files\Opera
2015-02-25 21:21 - 2011-01-01 12:01 - 00000000 ____D () C:\ProgramData\IObit
2015-02-25 19:41 - 2012-05-17 17:50 - 00109696 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-13 20:29 - 2013-08-22 14:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-13 20:15 - 2011-11-21 17:38 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 20:10 - 2013-09-14 11:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileAdvisor
2015-02-13 19:11 - 2013-05-20 19:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 18:36 - 2014-12-17 17:51 - 00000000 ___RD () C:\Users\User\Desktop\BYE
2015-02-13 18:12 - 2015-01-12 14:50 - 00000000 ___RD () C:\Users\User\Desktop\scrapBYE
2015-02-13 18:11 - 2013-09-07 20:45 - 00097280 ____H () C:\Users\User\Desktop\photothumb.db
2015-02-12 20:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-12 20:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-12 18:21 - 2012-11-23 16:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-12 18:15 - 2014-03-23 00:31 - 00000000 ___RD () C:\Users\User\Desktop\Security
2015-02-11 21:39 - 2011-11-15 21:55 - 00000000 ____D () C:\Windows\ERDNT
2015-02-11 14:36 - 2013-12-18 20:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 14:35 - 2009-10-24 20:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 14:35 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 12:42 - 2013-12-04 00:12 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2015-02-10 17:42 - 2011-11-10 10:07 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-10 13:48 - 2013-09-13 20:10 - 00000000 ____D () C:\AdwCleaner
2015-02-09 21:05 - 2013-12-18 20:36 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-09 11:53 - 2013-11-10 15:49 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-09 11:53 - 2013-11-10 15:48 - 00000000 ___HD () C:\Program Files\Temp
2015-02-09 04:08 - 2014-07-16 08:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 22:43 - 2013-07-01 14:04 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 18:55 - 2015-01-18 21:32 - 00000000 ____D () C:\Users\User\Desktop\CafePress
2015-02-03 16:45 - 2013-09-05 13:10 - 00000000 ___RD () C:\Users\User\Desktop\friends;me
2015-02-03 16:42 - 2012-09-03 20:19 - 00000000 ___RD () C:\Users\User\Desktop\pics
2015-01-30 20:10 - 2012-09-03 20:17 - 00000000 ___RD () C:\Users\User\Desktop\family pics and recordings
2015-01-29 12:44 - 2009-10-24 20:42 - 00000000 ____D () C:\ProgramData\Temp

==================== Files in the root of some directories =======

2013-08-18 22:52 - 2013-09-30 11:14 - 0000115 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2013-08-18 22:52 - 2013-09-30 11:14 - 0000005 _____ () C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
2013-11-30 21:51 - 2014-05-11 15:41 - 0174615 _____ () C:\Users\User\AppData\Local\ars.cache
2013-11-30 21:52 - 2014-05-11 15:42 - 0362748 _____ () C:\Users\User\AppData\Local\census.cache
2012-07-16 20:40 - 2012-07-16 20:40 - 0027520 _____ () C:\Users\User\AppData\Local\dt.dat
2013-11-26 19:38 - 2013-11-26 19:38 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-01-18 15:32 - 2015-01-18 15:32 - 0003045 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2010-12-16 18:20 - 2010-12-16 18:20 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\User\jagex_cl_runescape_LIVE.dat
C:\Users\User\random.dat


Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl8djop.dll
C:\Users\User\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\User\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\User\AppData\Local\temp\Quarantine.exe
C:\Users\User\AppData\Local\temp\RSPUpgradeInstaller.exe
C:\Users\User\AppData\Local\temp\sfamcc00001.dll
C:\Users\User\AppData\Local\temp\sfareca00001.dll
C:\Users\User\AppData\Local\temp\sfextra.dll
C:\Users\User\AppData\Local\temp\SkypeSetup.exe
C:\Users\User\AppData\Local\temp\smt_mystartsearch.exe
C:\Users\User\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 14:55

==================== End Of Log ============================

 


Edited by janji, 27 February 2015 - 10:10 AM.
