
Hi,

I've been having some audio ads for a while. I disabled Adobe Shockwave, which makes them go away, but that's not a realistic solution as I need Shockwave for browsing. I use Chrome and I re-installed it, but it didn't work. I have run scans with Malwarebytes and Security Essentials.

I downloaded SystemLook and looked for rpcss.dll. My log is this:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:26 on 23/01/2015
Administrator - Elevation successful
 
========== Filefind ==========
 
Searching for "rpcss.dll"
C:\Windows\System32\rpcss.dll --a---- 512000 bytes [03:24 21/11/2010] [03:24 21/11/2010] 5C627D1B1138676C0A7AB2C2C190D123
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [03:24 21/11/2010] [03:24 21/11/2010] 5C627D1B1138676C0A7AB2C2C190D123
 
-= EOF =-

Hello and welcome!

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Hello Radek,

Recently, I have uninstalled Hotspot Shield, a VPN client. I have not heard any audio ads till now. I believe that may have been the cause of the problem. However, as you said, the absence of symptoms doesn't mean the threat has been eliminated. Here are the logs for Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by User (administrator) on USER-PC on 23-01-2015 10:21:55

Running from C:\Users\User\Downloads

Loaded Profiles: User (Available profiles: User)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files\PrimoCache (Beta)\primoccsvc.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

() C:\Program Files (x86)\RocketDock\RocketDock.exe

(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe

(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(Adobe Systems Incorporated) C:\Config.Msi\1b9da99.rbf

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Windows\System32\audiodg.exe

() C:\Users\User\AppData\Local\Viber\Viber.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-16] (VIA)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064 2012-09-14] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [skyDrive] => C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-24] (Microsoft Corporation)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [936456 2014-03-05] ()

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-19] (Google Inc.)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [iFunBox Price Watch] => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe [7440384 2014-10-15] (i-Funbox.com)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [GoogleChromeAutoLaunch_A2AD96D9D80B13C2B435AE52A3C6CE0E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-20] (Google Inc.)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\MountPoints2: F - F:\setup.exe

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\MountPoints2: G - G:\setup.exe

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AsusNbKeys.exe - Shortcut.lnk

ShortcutTarget: AsusNbKeys.exe - Shortcut.lnk -> C:\Users\User\Desktop\AsusNbKeys_v1.3\AsusNbKeys.exe ()

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [s-1-5-21-458947259-368414734-4088398591-1001] => http=127.0.0.1:8555;https=127.0.0.1:8555

HKU\S-1-5-21-458947259-368414734-4088398591-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp

SearchScopes: HKU\S-1-5-21-458947259-368414734-4088398591-1001 -> DefaultScope {4CFF888D-776C-4E27-99E1-3D1C3F7F5B45} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}

SearchScopes: HKU\S-1-5-21-458947259-368414734-4088398591-1001 -> {0EE7ACC4-8736-4527-B85B-768CD5A1ABB0} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-458947259-368414734-4088398591-1001 -> {4CFF888D-776C-4E27-99E1-3D1C3F7F5B45} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 -  No File

Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-10]

FF HKLM-x32\...\Firefox\Extensions: [iSAllmytube@iSkysoft.com] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com

FF HKLM-x32\...\Firefox\Extensions: [AMAllMyTube@Aimersoft.com] - C:\ProgramData\Aimersoft\YouTube Downloader\AMAllMyTube@Aimersoft.com

 

Chrome:

=======

CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321848&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP82D1D957-5A61-44D3-8685-0B4D0388BC74&SSPV=

CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321848&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP82D1D957-5A61-44D3-8685-0B4D0388BC74&SSPV=", "hxxp://google.com/", "hxxp://search.conduit.com/?ctid=CT3321848&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPDDD7104B-DC43-4600-96C8-FE2C17155A9A&SSPV=", "hxxp://mysearch.avg.com?cid={4495FA13-4758-4A56-A5AE-0A9A35353F08}&mid=b841c49d842747d2987041affc908ad4-0d61978659cac77876a222ea520cb50974297fa7&lang=en&ds=st011&coid=avgtbdisst&cmpid=&pr=sa&d=2014-02-10 14:56:25&v=17.3.1.91&pid=safeguard&sg=&sap=hp"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-23]

CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-09]

CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-09]

CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-23]

CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-09]

CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-01-23]

CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-23]

CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09]

CHR Extension: (Laterflix) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okojkkbmafjeoplgikaaihnnjghpiban [2015-01-23]

CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-09]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 PrimoCacheSvc; C:\Program Files\PrimoCache (Beta)\PrimoCcSvc.exe [126560 2014-01-28] ()

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software)

S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-08] (Company) [File not signed]

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()

R0 FancyCcV; C:\Windows\System32\DRIVERS\rxfcv.sys [143968 2014-01-28] (Romex Software)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0114.sys [28768 2014-06-30] (SoftEther VPN Project at University of Tsukuba, Japan.)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-06] ()

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-23 10:20 - 2015-01-23 10:20 - 00002770 _____ () C:\Users\User\Desktop\JRT.txt

2015-01-23 10:18 - 2015-01-23 10:18 - 02126848 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe

2015-01-23 10:04 - 2015-01-23 10:04 - 00000000 ____D () C:\ProgramData\hsswpr

2015-01-23 09:55 - 2015-01-23 09:55 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-01-23 09:55 - 2015-01-23 09:55 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-23 09:53 - 2015-01-23 09:53 - 02186752 _____ () C:\Users\User\Downloads\AdwCleaner.exe

2015-01-23 09:53 - 2015-01-23 09:53 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe

2015-01-23 09:52 - 2015-01-23 09:52 - 18570328 _____ () C:\Users\User\Downloads\RogueKillerX64.exe

2015-01-23 09:26 - 2015-01-23 09:26 - 00165376 _____ () C:\Users\User\Downloads\SystemLook_x64.exe

2015-01-23 09:26 - 2015-01-23 09:26 - 00001072 _____ () C:\Users\User\Downloads\SystemLook.txt

2015-01-23 09:23 - 2015-01-23 09:23 - 00000000 ____D () C:\Users\User\Downloads\tdsskiller

2015-01-23 08:59 - 2015-01-23 08:59 - 05006144 _____ (Adobe Systems Inc.) C:\Users\User\Downloads\Shockwave_Installer_Slim.exe

2015-01-23 08:59 - 2015-01-23 08:59 - 00000000 ____D () C:\Windows\SysWOW64\Adobe

2015-01-23 00:56 - 2015-01-23 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-23 00:55 - 2015-01-23 10:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-23 00:55 - 2015-01-23 01:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-23 00:55 - 2015-01-23 00:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-23 00:55 - 2015-01-23 00:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-23 00:53 - 2015-01-23 00:53 - 00000572 _____ () C:\Windows\PFRO.log

2015-01-23 00:53 - 2015-01-23 00:53 - 00000056 _____ () C:\Windows\setupact.log

2015-01-23 00:53 - 2015-01-23 00:53 - 00000000 _____ () C:\Windows\setuperr.log

2015-01-23 00:50 - 2015-01-23 00:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sawbuck

2015-01-23 00:42 - 2015-01-23 00:43 - 00037588 _____ () C:\Users\User\Downloads\Addition.txt

2015-01-23 00:41 - 2015-01-23 10:22 - 00022890 _____ () C:\Users\User\Downloads\FRST.txt

2015-01-23 00:41 - 2015-01-23 10:21 - 00000000 ____D () C:\FRST

2015-01-23 00:28 - 2015-01-23 00:28 - 00001698 _____ () C:\Users\User\Downloads\software_removal_tool.log

2015-01-22 23:14 - 2015-01-22 23:22 - 207252620 _____ () C:\Users\User\Downloads\DDLValley.rocks_the.vampire.diaries.611.hdtv-lol.mp4

2015-01-22 10:31 - 2015-01-22 10:31 - 47883419 _____ () C:\Users\User\Downloads\(C87) [Niku Ringo (Kakugari Kyoudai)] NIPPON HEAD-CHA-LA (Dragon Ball Z).cbz

2015-01-20 00:29 - 2015-01-20 00:29 - 00000000 ____D () C:\Users\User\Downloads\YGOPUZZLEEditorV3

2015-01-19 23:57 - 2015-01-19 23:57 - 00750567 _____ () C:\Users\User\Downloads\YGOPUZZLEEditorV3.rar

2015-01-18 17:00 - 2015-01-18 17:00 - 00002181 _____ () C:\Users\User\AppData\Local\recently-used.xbel

2015-01-18 15:38 - 2015-01-18 15:38 - 00000000 ____D () C:\Users\User\Downloads\iTools0520E

2015-01-18 15:38 - 2015-01-18 15:38 - 00000000 ____D () C:\Users\User\Documents\iTools

2015-01-18 15:36 - 2015-01-18 15:36 - 00003464 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup

2015-01-18 15:36 - 2015-01-18 15:36 - 00003200 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start

2015-01-18 15:36 - 2015-01-18 15:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Rainmaker Software Group LLC.

2015-01-18 15:36 - 2015-01-18 15:36 - 00000000 ____D () C:\Users\User\AppData\Local\Rainmaker_Software_Group_

2015-01-16 19:40 - 2015-01-16 19:40 - 22409731 _____ () C:\Users\User\Downloads\SmartGo Kifu2.0.ipa

2015-01-16 19:37 - 2015-01-18 13:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\WindSolutions

2015-01-16 19:37 - 2015-01-16 19:38 - 00000000 ____D () C:\ProgramData\WindSolutions

2015-01-16 17:56 - 2015-01-16 17:56 - 00001397 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk

2015-01-16 17:53 - 2015-01-16 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate

2015-01-16 17:53 - 2015-01-16 17:53 - 00000000 ____D () C:\Program Files (x86)\Seagate

2015-01-16 17:51 - 2015-01-16 17:51 - 00000000 ____D () C:\Users\User\Downloads\SeaToolsDOS223ALL

2015-01-16 16:56 - 2015-01-16 17:02 - 00002969 _____ () C:\Windows\SysWOW64\debug.log

2015-01-16 12:32 - 2015-01-16 12:46 - 00000000 ____D () C:\Program Files (x86)\iFunbox 2014

2015-01-16 12:32 - 2015-01-16 12:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\iFunBox.NXGen

2015-01-15 13:07 - 2015-01-15 13:07 - 00000000 ____D () C:\Users\User\Downloads\dropbox_track_techsplurge

2015-01-14 20:13 - 2015-01-15 13:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2015-01-14 08:51 - 2015-01-22 13:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\deluge

2015-01-14 08:50 - 2015-01-14 09:39 - 00000979 _____ () C:\Users\Public\Desktop\Deluge.lnk

2015-01-14 08:50 - 2015-01-14 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge

2015-01-14 08:50 - 2015-01-14 08:50 - 00000000 ____D () C:\Program Files (x86)\Deluge

2015-01-14 08:26 - 2015-01-14 08:25 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-14 04:11 - 2015-01-14 04:11 - 00000000 ____D () C:\Users\User\Documents\OneNote Notebooks

2015-01-13 12:51 - 2015-01-13 12:53 - 302917235 _____ () C:\Users\User\Downloads\Eye.Candy.S01E01.HDTV.x264-ASAP.mp4

2015-01-13 12:08 - 2015-01-13 12:08 - 00001194 _____ () C:\Windows\system32\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [uruujima (Uruujima Call)] Dai Gamilas Teisei Ginga Houmen Senyou Sei Dorei Senkan   Sex Slave Battleship of the Galman Empire (English) [dou.torrent.lnk

2015-01-12 11:35 - 2015-01-12 11:35 - 00001121 _____ () C:\Users\Public\Desktop\Popcorn Time.lnk

2015-01-12 11:35 - 2015-01-12 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2015-01-12 11:35 - 2015-01-12 11:35 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time

2015-01-11 11:43 - 2015-01-11 22:37 - 00000000 ____D () C:\Program Files\ComicRack

2015-01-10 23:18 - 2015-01-10 23:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\HandBrake

2015-01-10 23:17 - 2015-01-10 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake

2015-01-09 20:15 - 2015-01-09 20:15 - 02834862 _____ () C:\Users\User\Downloads\DataEditorX-master.zip

2015-01-08 16:07 - 2015-01-08 16:18 - 639838920 _____ () C:\Users\User\Downloads\Essential Anatomy 5 (v5.0 iPhone4 Univ LP os70)-Locophone-ICPDA.rc318.ipa

2015-01-08 14:41 - 2015-01-16 14:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\iFunbox_UserCache

2015-01-08 14:39 - 2015-01-18 15:41 - 00000000 ____D () C:\Program Files (x86)\i-Funbox DevTeam

2015-01-03 23:57 - 2015-01-03 23:57 - 00001445 _____ () C:\Users\User\Downloads\Jaden's cards.txt

2015-01-02 11:02 - 2015-01-02 11:02 - 00001290 _____ () C:\Windows\system32\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (Reitaisai 11) [Tonpuuratei (Saemon)] Iku-san to Onsen de Ichaicha Shitai!! - I Want to Flirt With Iku-san at the Hot Spring!! (Touhou Project.torrent.lnk

2014-12-31 00:14 - 2014-12-31 00:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Xilisoft

2014-12-31 00:13 - 2014-12-31 00:13 - 00002178 _____ () C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk

2014-12-31 00:13 - 2014-12-31 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft

2014-12-31 00:12 - 2014-12-31 00:12 - 00000000 ____D () C:\ProgramData\Xilisoft

2014-12-31 00:12 - 2014-12-31 00:12 - 00000000 ____D () C:\Program Files (x86)\Xilisoft

2014-12-30 22:24 - 2014-12-30 22:31 - 00000000 ____D () C:\Users\User\Downloads\Xilisoft.Video.Converter.Ultimate.v7.7.2.20130217.Incl.Keygen-BRD

2014-12-29 18:46 - 2014-12-29 18:46 - 00000000 ____D () C:\Users\User\Documents\Faasoft Video Converter

2014-12-29 18:44 - 2014-12-29 18:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Faasoft Video Converter

2014-12-29 16:51 - 2014-12-29 16:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\BaiduYunGuanjia

2014-12-29 16:51 - 2014-12-29 16:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\BaiduYunKernel

2014-12-26 01:25 - 2015-01-06 10:24 - 00001542 _____ () C:\Users\User\Desktop\ygopro.lnk

2014-12-25 17:20 - 2014-12-25 17:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YGOPro

2014-12-25 12:05 - 2015-01-23 10:19 - 02088687 _____ () C:\Windows\WindowsUpdate.log

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-23 10:19 - 2014-04-13 14:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\ViberPC

2015-01-23 10:18 - 2014-04-13 14:25 - 00000000 ____D () C:\Users\User\AppData\Local\Viber

2015-01-23 10:08 - 2014-02-10 00:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype

2015-01-23 10:02 - 2014-12-05 17:29 - 00000000 ____D () C:\AdwCleaner

2015-01-23 09:28 - 2014-11-19 10:23 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001UA.job

2015-01-23 08:58 - 2014-02-10 00:37 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe

2015-01-23 08:56 - 2014-02-10 02:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-01-23 08:55 - 2014-02-10 00:37 - 00000000 ____D () C:\ProgramData\Adobe

2015-01-23 01:13 - 2014-02-10 03:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\CDisplayEx

2015-01-23 01:00 - 2009-07-14 00:13 - 00785302 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-23 01:00 - 2009-07-13 23:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-23 01:00 - 2009-07-13 23:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-23 00:55 - 2014-02-09 23:55 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment

2015-01-23 00:55 - 2014-02-09 23:55 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-23 00:54 - 2014-02-10 17:33 - 00000000 ___RD () C:\Users\User\Dropbox

2015-01-23 00:54 - 2014-02-10 17:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox

2015-01-23 00:54 - 2014-02-10 00:43 - 00000000 ___RD () C:\Users\User\SkyDrive

2015-01-23 00:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-23 00:41 - 2014-06-25 13:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-22 22:56 - 2014-02-12 13:04 - 00000000 ____D () C:\Users\User\Documents\BYOND

2015-01-22 13:31 - 2014-10-22 23:52 - 00000000 ____D () C:\Users\User\Downloads\ppsspp

2015-01-22 10:28 - 2014-11-19 10:23 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001Core.job

2015-01-20 00:29 - 2014-07-07 19:51 - 00000000 ____D () C:\Users\User\AppData\Local\YGOPRO_PuzzleEditor

2015-01-19 08:05 - 2014-02-09 23:50 - 00000000 ____D () C:\Users\User

2015-01-16 20:05 - 2014-04-29 08:55 - 00002423 _____ () C:\Users\User\Desktop\Usmleworld QBank.lnk

2015-01-16 17:56 - 2014-07-29 12:20 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-16 16:56 - 2014-09-08 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-14 09:23 - 2014-02-10 00:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent

2015-01-14 08:26 - 2014-02-11 09:24 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-13 12:39 - 2014-02-10 00:21 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-01-13 12:39 - 2014-02-10 00:21 - 00000000 ____D () C:\ProgramData\Skype

2015-01-11 22:15 - 2014-02-10 00:29 - 00000294 _____ () C:\Users\User\Desktop\Movies to watch.txt

2015-01-05 08:56 - 2014-07-11 22:31 - 00000193 _____ () C:\Windows\WORDPAD.INI

2015-01-05 01:19 - 2014-02-09 23:59 - 00000000 ____D () C:\Users\User\Desktop\User's

2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-12-28 21:06 - 2014-02-10 17:01 - 00000000 ____D () C:\Users\User\Downloads\Songs

2014-12-26 00:57 - 2014-05-17 00:26 - 00000000 ____D () C:\Users\User\Ultimate

2014-12-25 12:10 - 2014-09-29 16:35 - 00000000 ____D () C:\ProgramData\EPSON

2014-12-24 11:18 - 2014-02-10 03:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\MusicBee

 

==================== Files in the root of some directories =======

2013-02-16 22:27 - 2013-02-16 22:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll

2014-12-10 13:19 - 2014-12-10 13:36 - 0000106 _____ () C:\Users\User\AppData\Roaming\Camdata.ini

2014-12-10 13:19 - 2014-12-10 13:36 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini

2014-12-10 13:19 - 2014-12-10 13:36 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini

2014-12-10 13:19 - 2014-12-10 13:36 - 0004507 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg

2014-06-25 13:46 - 2014-06-25 13:47 - 0000077 _____ () C:\Users\User\AppData\Roaming\mbam.context.scan

2015-01-18 17:00 - 2015-01-18 17:00 - 0002181 _____ () C:\Users\User\AppData\Local\recently-used.xbel

 

Some content of TEMP:

====================

C:\Users\User\AppData\Local\Temp\dllnt_dump.dll

C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg_jwwx.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-14 04:30

 

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015

Ran by User at 2015-01-23 10:22:49

Running from C:\Users\User\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)

Adobe Connect 9 Add-in (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Adobe Connect 9 Add-in) (Version: 11.9.966.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)

Akamai NetSession Interface (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)

Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)

Bit Che (HKLM-x32\...\{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1) (Version: 3.0 build 10 - Convivea Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Brother MFL-Pro Suite MFC-J625DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)

BYOND (HKLM-x32\...\BYOND) (Version: 503.1224 - BYOND) <==== ATTENTION!

calibre (HKLM-x32\...\{4838134A-8CFF-4D5B-B3C1-C110DA8DF61B}) (Version: 1.37.0 - Kovid Goyal)

CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)

CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

CDisplayEx 1.10.4 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)

Daum PotPlayer 1.5.44465 x64 Edition (HKLM\...\PotPlayer64) (Version:  - )

Deluge 1.3.11 (HKLM-x32\...\Deluge) (Version:  - )

Dropbox (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)

eMule (HKLM-x32\...\eMule) (Version:  - )

FlipTIB (HKLM-x32\...\FlipTIB) (Version:  - )

GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Kindle DRM Removal (HKLM-x32\...\KindleDRMRemoval) (Version: 1.4.1 - eBook Converter)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.0 - Mozilla)

Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)

MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)

PANDA-glGo (HKLM-x32\...\glGo) (Version: 1.4 - PANDANET Inc.)

Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden

Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.1 - Popcorn Time)

PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)

PrimoCache (Beta) 0.9.9 (HKLM\...\{7A37EA43-BF6F-4DB7-83DB-97AA19BF9408}_is1) (Version: 0.9.9 - Romex Software)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Remote Speakers output (HKLM-x32\...\{2102E316-9D40-4270-A81B-F60362DD39B4}) (Version: 4.7 - Eric Milles)

RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)

Sawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)

SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)

Skype for COM (x32 Version: 1.0.36 - Skype Technologies) Hidden

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)

Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)

SSDlife Pro (HKLM-x32\...\{B6AC6742-741D-4284-B9D0-626A72FF657E}) (Version: 2.5.60 - BinarySense Inc.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)

System.Data.SQLite v1.0.93.0 (Release) (HKLM-x32\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.93.0 - System.Data.SQLite Team)

TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden

TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)

TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden

UltraChm 1.0 (HKLM-x32\...\UltraChm) (Version: 1.0 - UltraChm company, Inc.)

Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)

Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)

Viber (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)

WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130217 - Xilisoft)

XMedia Recode version 3.2.0.4 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.4 - XMedia Recode)

XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

23-01-2015 00:49:58 Installed Sawbuck

23-01-2015 03:00:12 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0A5EAEDC-0C9F-4311-83B1-91D25DBFBE09} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)

Task: {1407DB4E-D406-42C5-8D47-97B9C1C93D81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)

Task: {1E1BC328-F0A0-423D-B1E1-BA4979EE3A01} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION

Task: {2CCF4349-2A19-4447-84F9-C329191E026C} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe

Task: {4B525851-5587-465D-AC32-DFE60066228E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)

Task: {7578AB1C-F866-4488-98A4-C78521923746} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe

Task: {7A7575C4-4F2F-4C5D-9087-ACEF2AC9479D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)

Task: {7FD88C7B-CBF8-4DEB-AE09-504FD1F825F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {8DCA54A2-7444-4BC5-99E5-AA5DA2E2CAF4} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14] (ASUSTek Computer Inc.)

Task: {9BF30BC2-F66E-46C1-86CD-9AA5FD835D35} - System32\Tasks\{202C7037-ED88-4446-BC02-F1C068DF13C7} => pcalua.exe -a "C:\Program Files (x86)\FlipTIB\FlipTIB.exe"

Task: {9CD25240-EDFA-479C-A236-EE69A32B6E56} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)

Task: {E58742CD-1E5F-4DEF-AC03-5D520F5E49C2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EF2C70E6-998F-4BE1-B255-FCE808F8DA88} - System32\Tasks\{334F71CF-0C60-4D5D-B4C6-A62E9D324CF1} => pcalua.exe -a C:\Users\User\Downloads\vcredist_x86.exe -d C:\Users\User\Downloads

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-02-10 17:30 - 2014-01-28 20:23 - 00126560 _____ () C:\Program Files\PrimoCache (Beta)\PrimoCcSvc.exe

2014-03-29 22:42 - 2005-04-21 23:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll

2013-12-18 13:01 - 2013-12-18 13:01 - 00742200 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll

2014-10-01 18:48 - 2012-11-14 02:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2014-10-01 18:48 - 2012-11-14 02:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2014-02-10 00:03 - 2007-09-02 16:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe

2014-04-13 14:25 - 2014-03-05 15:05 - 00936456 _____ () C:\Users\User\AppData\Local\Viber\Viber.exe

2014-02-12 22:58 - 2014-02-12 22:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-02-10 00:03 - 2007-09-02 16:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll

2014-09-24 17:51 - 2014-09-24 17:51 - 00081056 _____ () C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-01-23 00:53 - 2015-01-23 00:53 - 00043008 _____ () c:\users\User\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg_jwwx.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2014-03-29 22:42 - 2009-02-27 18:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2014-09-24 17:51 - 2014-09-24 17:51 - 00081056 _____ () C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL

2014-09-15 15:58 - 2014-09-15 15:58 - 43532288 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\libViber.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00770048 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\libGLESv2.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00098304 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\qfacebook.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00172032 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\libexif.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00049152 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\libEGL.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00876544 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\platforms\qwindows.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00024576 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qgif.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00024576 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qico.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00204800 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qjpeg.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00221184 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qmng.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00016384 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qsvg.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00016384 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qtga.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00311296 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qtiff.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00016384 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qwbmp.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00638976 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\sqldrivers\qsqlite.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00032768 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\iconengines\qsvgicon.dll

2015-01-23 00:56 - 2015-01-20 22:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll

2015-01-23 00:56 - 2015-01-20 22:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll

2015-01-23 00:56 - 2015-01-20 22:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll

2015-01-23 00:56 - 2015-01-20 22:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-458947259-368414734-4088398591-500 - Administrator - Disabled)

User (S-1-5-21-458947259-368414734-4088398591-1001 - Administrator - Enabled) => C:\Users\User

Guest (S-1-5-21-458947259-368414734-4088398591-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-458947259-368414734-4088398591-1002 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

 

System errors:

=============

 

Microsoft Office Sessions:

=========================

 

==================== Memory info ===========================

 

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz

Percentage of memory in use: 77%

Total physical RAM: 3037.09 MB

Available physical RAM: 680.3 MB

Total Pagefile: 6072.35 MB

Available Pagefile: 3161.34 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:119.14 GB) (Free:8.12 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: E6579950)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


2014-12-31 00:14 - 2014-12-31 00:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Xilisoft

2014-12-31 00:13 - 2014-12-31 00:13 - 00002178 _____ () C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk

2014-12-31 00:13 - 2014-12-31 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft

2014-12-31 00:12 - 2014-12-31 00:12 - 00000000 ____D () C:\ProgramData\Xilisoft

2014-12-31 00:12 - 2014-12-31 00:12 - 00000000 ____D () C:\Program Files (x86)\Xilisoft

2014-12-30 22:24 - 2014-12-30 22:31 - 00000000 ____D () C:\Users\User\Downloads\Xilisoft.Video.Converter.Ultimate.v7.7.2.20130217.Incl.Keygen-BRD


I have uninstalled Xilisoft. I have rescanned:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by User (administrator) on USER-PC on 23-01-2015 11:42:11

Running from C:\Users\User\Downloads

Loaded Profiles: User (Available profiles: User)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files\PrimoCache (Beta)\primoccsvc.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

() C:\Program Files (x86)\RocketDock\RocketDock.exe

(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe

(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(Adobe Systems Incorporated) C:\Config.Msi\1b9da99.rbf

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

() C:\Users\User\AppData\Local\Viber\Viber.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe

(Microsoft Corporation) C:\Windows\System32\audiodg.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-16] (VIA)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064 2012-09-14] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [skyDrive] => C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-24] (Microsoft Corporation)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [936456 2014-03-05] ()

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-19] (Google Inc.)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [iFunBox Price Watch] => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe [7440384 2014-10-15] (i-Funbox.com)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Run: [GoogleChromeAutoLaunch_A2AD96D9D80B13C2B435AE52A3C6CE0E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-20] (Google Inc.)

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\MountPoints2: F - F:\setup.exe

HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\MountPoints2: G - G:\setup.exe

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AsusNbKeys.exe - Shortcut.lnk

ShortcutTarget: AsusNbKeys.exe - Shortcut.lnk -> C:\Users\User\Desktop\AsusNbKeys_v1.3\AsusNbKeys.exe ()

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [s-1-5-21-458947259-368414734-4088398591-1001] => http=127.0.0.1:8555;https=127.0.0.1:8555

HKU\S-1-5-21-458947259-368414734-4088398591-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp

SearchScopes: HKU\S-1-5-21-458947259-368414734-4088398591-1001 -> DefaultScope {4CFF888D-776C-4E27-99E1-3D1C3F7F5B45} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}

SearchScopes: HKU\S-1-5-21-458947259-368414734-4088398591-1001 -> {0EE7ACC4-8736-4527-B85B-768CD5A1ABB0} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-458947259-368414734-4088398591-1001 -> {4CFF888D-776C-4E27-99E1-3D1C3F7F5B45} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()

Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 -  No File

Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-458947259-368414734-4088398591-1001: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-10]

FF HKLM-x32\...\Firefox\Extensions: [iSAllmytube@iSkysoft.com] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com

FF HKLM-x32\...\Firefox\Extensions: [AMAllMyTube@Aimersoft.com] - C:\ProgramData\Aimersoft\YouTube Downloader\AMAllMyTube@Aimersoft.com

 

Chrome:

=======

CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321848&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP82D1D957-5A61-44D3-8685-0B4D0388BC74&SSPV=

CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321848&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP82D1D957-5A61-44D3-8685-0B4D0388BC74&SSPV=", "hxxp://google.com/", "hxxp://search.conduit.com/?ctid=CT3321848&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPDDD7104B-DC43-4600-96C8-FE2C17155A9A&SSPV=", "hxxp://mysearch.avg.com?cid={4495FA13-4758-4A56-A5AE-0A9A35353F08}&mid=b841c49d842747d2987041affc908ad4-0d61978659cac77876a222ea520cb50974297fa7&lang=en&ds=st011&coid=avgtbdisst&cmpid=&pr=sa&d=2014-02-10 14:56:25&v=17.3.1.91&pid=safeguard&sg=&sap=hp"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-23]

CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-09]

CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-09]

CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-23]

CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-09]

CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-01-23]

CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-23]

CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09]

CHR Extension: (Laterflix) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okojkkbmafjeoplgikaaihnnjghpiban [2015-01-23]

CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-09]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 PrimoCacheSvc; C:\Program Files\PrimoCache (Beta)\PrimoCcSvc.exe [126560 2014-01-28] ()

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software)

S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-08] (Company) [File not signed]

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()

R0 FancyCcV; C:\Windows\System32\DRIVERS\rxfcv.sys [143968 2014-01-28] (Romex Software)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0114.sys [28768 2014-06-30] (SoftEther VPN Project at University of Tsukuba, Japan.)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-06] ()

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-23 10:51 - 2015-01-23 10:52 - 10830411 _____ () C:\Users\User\Downloads\Hotspot Shield 4.02 Elite + Universal Crack [mhktricks.net].zip

2015-01-23 10:51 - 2015-01-23 10:51 - 00002181 _____ () C:\Users\User\AppData\Local\recently-used.xbel

2015-01-23 10:18 - 2015-01-23 10:18 - 02126848 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe

2015-01-23 10:04 - 2015-01-23 10:04 - 00000000 ____D () C:\ProgramData\hsswpr

2015-01-23 09:55 - 2015-01-23 09:55 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-01-23 09:55 - 2015-01-23 09:55 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-23 09:53 - 2015-01-23 09:53 - 02186752 _____ () C:\Users\User\Downloads\AdwCleaner.exe

2015-01-23 09:53 - 2015-01-23 09:53 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe

2015-01-23 09:52 - 2015-01-23 09:52 - 18570328 _____ () C:\Users\User\Downloads\RogueKillerX64.exe

2015-01-23 09:26 - 2015-01-23 09:26 - 00001072 _____ () C:\Users\User\Downloads\SystemLook.txt

2015-01-23 09:23 - 2015-01-23 09:23 - 00000000 ____D () C:\Users\User\Downloads\tdsskiller

2015-01-23 08:59 - 2015-01-23 08:59 - 00000000 ____D () C:\Windows\SysWOW64\Adobe

2015-01-23 00:56 - 2015-01-23 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-23 00:55 - 2015-01-23 11:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-23 00:55 - 2015-01-23 01:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-23 00:55 - 2015-01-23 00:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-23 00:55 - 2015-01-23 00:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-23 00:53 - 2015-01-23 00:53 - 00000572 _____ () C:\Windows\PFRO.log

2015-01-23 00:53 - 2015-01-23 00:53 - 00000056 _____ () C:\Windows\setupact.log

2015-01-23 00:53 - 2015-01-23 00:53 - 00000000 _____ () C:\Windows\setuperr.log

2015-01-23 00:50 - 2015-01-23 00:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sawbuck

2015-01-23 00:42 - 2015-01-23 11:41 - 00029447 _____ () C:\Users\User\Downloads\Addition.txt

2015-01-23 00:41 - 2015-01-23 11:42 - 00022927 _____ () C:\Users\User\Downloads\FRST.txt

2015-01-23 00:41 - 2015-01-23 11:42 - 00000000 ____D () C:\FRST

2015-01-23 00:28 - 2015-01-23 00:28 - 00001698 _____ () C:\Users\User\Downloads\software_removal_tool.log

2015-01-22 23:14 - 2015-01-22 23:22 - 207252620 _____ () C:\Users\User\Downloads\The.vampire.diaries.611.hdtv-lol.mp4

2015-01-20 00:29 - 2015-01-20 00:29 - 00000000 ____D () C:\Users\User\Downloads\YGOPUZZLEEditorV3

2015-01-19 23:57 - 2015-01-19 23:57 - 00750567 _____ () C:\Users\User\Downloads\YGOPUZZLEEditorV3.rar

2015-01-18 15:38 - 2015-01-18 15:38 - 00000000 ____D () C:\Users\User\Downloads\iTools0520E

2015-01-18 15:38 - 2015-01-18 15:38 - 00000000 ____D () C:\Users\User\Documents\iTools

2015-01-18 15:36 - 2015-01-18 15:36 - 00003464 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup

2015-01-18 15:36 - 2015-01-18 15:36 - 00003200 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start

2015-01-18 15:36 - 2015-01-18 15:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Rainmaker Software Group LLC.​

2015-01-18 15:36 - 2015-01-18 15:36 - 00000000 ____D () C:\Users\User\AppData\Local\Rainmaker_Software_Group_

2015-01-16 19:40 - 2015-01-16 19:40 - 22409731 _____ () C:\Users\User\Downloads\SmartGo Kifu2.0.ipa

2015-01-16 19:37 - 2015-01-18 13:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\WindSolutions

2015-01-16 19:37 - 2015-01-16 19:38 - 00000000 ____D () C:\ProgramData\WindSolutions

2015-01-16 17:56 - 2015-01-16 17:56 - 00001397 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk

2015-01-16 17:53 - 2015-01-16 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate

2015-01-16 17:53 - 2015-01-16 17:53 - 00000000 ____D () C:\Program Files (x86)\Seagate

2015-01-16 16:56 - 2015-01-16 17:02 - 00002969 _____ () C:\Windows\SysWOW64\debug.log

2015-01-16 12:32 - 2015-01-16 12:46 - 00000000 ____D () C:\Program Files (x86)\iFunbox 2014

2015-01-15 13:07 - 2015-01-15 13:07 - 00000000 ____D () C:\Users\User\Downloads\dropbox_track_techsplurge

2015-01-14 20:13 - 2015-01-15 13:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2015-01-14 08:26 - 2015-01-14 08:25 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-14 04:11 - 2015-01-14 04:11 - 00000000 ____D () C:\Users\User\Documents\OneNote Notebooks

2015-01-13 12:51 - 2015-01-13 12:53 - 302917235 _____ () C:\Users\User\Downloads\Eye.Candy.S01E01.HDTV.x264-ASAP.mp4

2015-01-12 11:35 - 2015-01-12 11:35 - 00001121 _____ () C:\Users\Public\Desktop\Popcorn Time.lnk

2015-01-12 11:35 - 2015-01-12 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2015-01-12 11:35 - 2015-01-12 11:35 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time

2015-01-11 11:43 - 2015-01-11 22:37 - 00000000 ____D () C:\Program Files\ComicRack

2015-01-10 23:18 - 2015-01-10 23:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\HandBrake

2015-01-10 23:17 - 2015-01-10 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake

2015-01-09 20:15 - 2015-01-09 20:15 - 02834862 _____ () C:\Users\User\Downloads\DataEditorX-master.zip

2015-01-08 16:07 - 2015-01-08 16:18 - 639838920 _____ () C:\Users\User\Downloads\Essential Anatomy 5 (v5.0 iPhone4 Univ LP os70)-Locophone-ICPDA.rc318.ipa

2015-01-08 14:39 - 2015-01-18 15:41 - 00000000 ____D () C:\Program Files (x86)\i-Funbox DevTeam

2014-12-31 00:14 - 2014-12-31 00:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Xilisoft

2014-12-29 18:46 - 2014-12-29 18:46 - 00000000 ____D () C:\Users\User\Documents\Faasoft Video Converter

2014-12-29 16:51 - 2014-12-29 16:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\BaiduYunGuanjia

2014-12-29 16:51 - 2014-12-29 16:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\BaiduYunKernel

2014-12-26 01:25 - 2015-01-06 10:24 - 00001542 _____ () C:\Users\User\Desktop\ygopro.lnk

2014-12-25 17:20 - 2014-12-25 17:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YGOPro

2014-12-25 12:05 - 2015-01-23 10:19 - 02088687 _____ () C:\Windows\WindowsUpdate.log

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-23 11:36 - 2014-02-10 00:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype

2015-01-23 11:28 - 2014-11-19 10:23 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001UA.job

2015-01-23 10:51 - 2014-02-09 23:50 - 00000000 ____D () C:\Users\User

2015-01-23 10:46 - 2014-07-20 22:57 - 00000000 ____D () C:\Users\User\Downloads\MMBN Chrono X Demo 4.0.1

2015-01-23 10:35 - 2014-03-29 13:46 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode

2015-01-23 10:28 - 2014-11-19 10:23 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001Core.job

2015-01-23 10:19 - 2014-04-13 14:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\ViberPC

2015-01-23 10:18 - 2014-04-13 14:25 - 00000000 ____D () C:\Users\User\AppData\Local\Viber

2015-01-23 10:02 - 2014-12-05 17:29 - 00000000 ____D () C:\AdwCleaner

2015-01-23 08:58 - 2014-02-10 00:37 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe

2015-01-23 08:56 - 2014-02-10 02:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-01-23 08:55 - 2014-02-10 00:37 - 00000000 ____D () C:\ProgramData\Adobe

2015-01-23 01:13 - 2014-02-10 03:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\CDisplayEx

2015-01-23 01:00 - 2009-07-14 00:13 - 00785302 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-23 01:00 - 2009-07-13 23:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-23 01:00 - 2009-07-13 23:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-23 00:55 - 2014-02-09 23:55 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment

2015-01-23 00:55 - 2014-02-09 23:55 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-23 00:54 - 2014-02-10 17:33 - 00000000 ___RD () C:\Users\User\Dropbox

2015-01-23 00:54 - 2014-02-10 17:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox

2015-01-23 00:54 - 2014-02-10 00:43 - 00000000 ___RD () C:\Users\User\SkyDrive

2015-01-23 00:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-23 00:41 - 2014-06-25 13:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-22 22:56 - 2014-02-12 13:04 - 00000000 ____D () C:\Users\User\Documents\BYOND

2015-01-22 13:31 - 2014-10-22 23:52 - 00000000 ____D () C:\Users\User\Downloads\ppsspp

2015-01-20 00:29 - 2014-07-07 19:51 - 00000000 ____D () C:\Users\User\AppData\Local\YGOPRO_PuzzleEditor

2015-01-16 20:05 - 2014-04-29 08:55 - 00002423 _____ () C:\Users\User\Desktop\Usmleworld QBank.lnk

2015-01-16 17:56 - 2014-07-29 12:20 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-16 16:56 - 2014-09-08 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-14 08:26 - 2014-02-11 09:24 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-13 12:39 - 2014-02-10 00:21 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-01-13 12:39 - 2014-02-10 00:21 - 00000000 ____D () C:\ProgramData\Skype

2015-01-11 22:15 - 2014-02-10 00:29 - 00000294 _____ () C:\Users\User\Desktop\Movies to watch.txt

2015-01-05 08:56 - 2014-07-11 22:31 - 00000193 _____ () C:\Windows\WORDPAD.INI

2015-01-05 01:19 - 2014-02-09 23:59 - 00000000 ____D () C:\Users\User\Desktop\User's

2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-12-28 21:06 - 2014-02-10 17:01 - 00000000 ____D () C:\Users\User\Downloads\Songs

2014-12-26 00:57 - 2014-05-17 00:26 - 00000000 ____D () C:\Users\User\Ultimate

2014-12-25 12:10 - 2014-09-29 16:35 - 00000000 ____D () C:\ProgramData\EPSON

2014-12-24 11:18 - 2014-02-10 03:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\MusicBee

 

==================== Files in the root of some directories =======

2013-02-16 22:27 - 2013-02-16 22:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll

2014-12-10 13:19 - 2014-12-10 13:36 - 0000106 _____ () C:\Users\User\AppData\Roaming\Camdata.ini

2014-12-10 13:19 - 2014-12-10 13:36 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini

2014-12-10 13:19 - 2014-12-10 13:36 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini

2014-12-10 13:19 - 2014-12-10 13:36 - 0004507 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg

2014-06-25 13:46 - 2014-06-25 13:47 - 0000077 _____ () C:\Users\User\AppData\Roaming\mbam.context.scan

2015-01-23 10:51 - 2015-01-23 10:51 - 0002181 _____ () C:\Users\User\AppData\Local\recently-used.xbel

 

Some content of TEMP:

====================

C:\Users\User\AppData\Local\Temp\dllnt_dump.dll

C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg_jwwx.dll

C:\Users\User\AppData\Local\Temp\pslist.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-14 04:30

 

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015

Ran by User at 2015-01-23 11:42:54

Running from C:\Users\User\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)

Adobe Connect 9 Add-in (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Adobe Connect 9 Add-in) (Version: 11.9.966.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)

Akamai NetSession Interface (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)

Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)

Bit Che (HKLM-x32\...\{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1) (Version: 3.0 build 10 - Convivea Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Brother MFL-Pro Suite MFC-J625DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)

BYOND (HKLM-x32\...\BYOND) (Version: 503.1224 - BYOND) <==== ATTENTION!

calibre (HKLM-x32\...\{4838134A-8CFF-4D5B-B3C1-C110DA8DF61B}) (Version: 1.37.0 - Kovid Goyal)

CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)

CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

CDisplayEx 1.10.4 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)

Daum PotPlayer 1.5.44465 x64 Edition (HKLM\...\PotPlayer64) (Version:  - )

Dropbox (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)

eMule (HKLM-x32\...\eMule) (Version:  - )

FlipTIB (HKLM-x32\...\FlipTIB) (Version:  - )

GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Kindle DRM Removal (HKLM-x32\...\KindleDRMRemoval) (Version: 1.4.1 - eBook Converter)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.0 - Mozilla)

Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)

MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)

PANDA-glGo (HKLM-x32\...\glGo) (Version: 1.4 - PANDANET Inc.)

Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden

Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.1 - Popcorn Time)

PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)

PrimoCache (Beta) 0.9.9 (HKLM\...\{7A37EA43-BF6F-4DB7-83DB-97AA19BF9408}_is1) (Version: 0.9.9 - Romex Software)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Remote Speakers output (HKLM-x32\...\{2102E316-9D40-4270-A81B-F60362DD39B4}) (Version: 4.7 - Eric Milles)

RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)

Sawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)

SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)

Skype for COM (x32 Version: 1.0.36 - Skype Technologies) Hidden

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)

Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)

SSDlife Pro (HKLM-x32\...\{B6AC6742-741D-4284-B9D0-626A72FF657E}) (Version: 2.5.60 - BinarySense Inc.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)

System.Data.SQLite v1.0.93.0 (Release) (HKLM-x32\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.93.0 - System.Data.SQLite Team)

TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden

TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)

TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden

UltraChm 1.0 (HKLM-x32\...\UltraChm) (Version: 1.0 - UltraChm company, Inc.)

Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)

Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)

Viber (HKU\S-1-5-21-458947259-368414734-4088398591-1001\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)

WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-458947259-368414734-4088398591-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

23-01-2015 00:49:58 Installed Sawbuck

23-01-2015 03:00:12 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0A5EAEDC-0C9F-4311-83B1-91D25DBFBE09} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)

Task: {1407DB4E-D406-42C5-8D47-97B9C1C93D81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)

Task: {1E1BC328-F0A0-423D-B1E1-BA4979EE3A01} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION

Task: {2CCF4349-2A19-4447-84F9-C329191E026C} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe

Task: {4B525851-5587-465D-AC32-DFE60066228E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)

Task: {7578AB1C-F866-4488-98A4-C78521923746} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe

Task: {7A7575C4-4F2F-4C5D-9087-ACEF2AC9479D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)

Task: {7FD88C7B-CBF8-4DEB-AE09-504FD1F825F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {8DCA54A2-7444-4BC5-99E5-AA5DA2E2CAF4} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14] (ASUSTek Computer Inc.)

Task: {9BF30BC2-F66E-46C1-86CD-9AA5FD835D35} - System32\Tasks\{202C7037-ED88-4446-BC02-F1C068DF13C7} => pcalua.exe -a "C:\Program Files (x86)\FlipTIB\FlipTIB.exe"

Task: {9CD25240-EDFA-479C-A236-EE69A32B6E56} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)

Task: {E58742CD-1E5F-4DEF-AC03-5D520F5E49C2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EF2C70E6-998F-4BE1-B255-FCE808F8DA88} - System32\Tasks\{334F71CF-0C60-4D5D-B4C6-A62E9D324CF1} => pcalua.exe -a C:\Users\User\Downloads\vcredist_x86.exe -d C:\Users\User\Downloads

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-458947259-368414734-4088398591-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-02-10 17:30 - 2014-01-28 20:23 - 00126560 _____ () C:\Program Files\PrimoCache (Beta)\PrimoCcSvc.exe

2014-03-29 22:42 - 2005-04-21 23:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll

2013-12-18 13:01 - 2013-12-18 13:01 - 00742200 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll

2014-10-01 18:48 - 2012-11-14 02:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2014-10-01 18:48 - 2012-11-14 02:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2014-02-10 00:03 - 2007-09-02 16:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe

2014-02-10 00:39 - 2014-01-18 17:06 - 00214528 _____ () C:\Program Files\CDisplayEx\libwebp.dll

2014-02-10 00:39 - 2013-12-01 17:10 - 00257624 _____ () C:\Program Files\CDisplayEx\unrar.dll

2014-04-13 14:25 - 2014-03-05 15:05 - 00936456 _____ () C:\Users\User\AppData\Local\Viber\Viber.exe

2014-02-12 22:58 - 2014-02-12 22:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-02-10 00:03 - 2007-09-02 16:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll

2014-09-24 17:51 - 2014-09-24 17:51 - 00081056 _____ () C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL

2014-09-24 17:51 - 2014-09-24 17:51 - 00081056 _____ () C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-01-23 00:53 - 2015-01-23 00:53 - 00043008 _____ () c:\users\User\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg_jwwx.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2014-03-29 22:42 - 2009-02-27 18:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 43532288 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\libViber.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00770048 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\libGLESv2.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00098304 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\qfacebook.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00172032 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\libexif.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00049152 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\libEGL.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00876544 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\platforms\qwindows.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00024576 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qgif.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00024576 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qico.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00204800 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qjpeg.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00221184 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qmng.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00016384 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qsvg.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00016384 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qtga.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00311296 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qtiff.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00016384 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\imageformats\qwbmp.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00638976 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\sqldrivers\qsqlite.dll

2014-09-15 15:58 - 2014-09-15 15:58 - 00032768 _____ () C:\Users\User\AppData\Local\Viber\4.3.0.1453\iconengines\qsvgicon.dll

2015-01-23 00:56 - 2015-01-20 22:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll

2015-01-23 00:56 - 2015-01-20 22:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll

2015-01-23 00:56 - 2015-01-20 22:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll

2015-01-23 00:56 - 2015-01-20 22:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll

2013-07-10 21:07 - 2013-07-10 21:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1a9cc94c-324ac7bf-n\ntpsdll32.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-458947259-368414734-4088398591-500 - Administrator - Disabled)

User (S-1-5-21-458947259-368414734-4088398591-1001 - Administrator - Enabled) => C:\Users\User

Guest (S-1-5-21-458947259-368414734-4088398591-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-458947259-368414734-4088398591-1002 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

 

System errors:

=============

 

Microsoft Office Sessions:

=========================

 

==================== Memory info ===========================

 

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz

Percentage of memory in use: 68%

Total physical RAM: 3037.09 MB

Available physical RAM: 970.48 MB

Total Pagefile: 6072.35 MB

Available Pagefile: 2922.11 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:119.14 GB) (Free:8.29 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: E6579950)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================
