
Unsure if infected with Malware/virus


  • This topic is locked
23 replies to this topic

#1 TheSentinel

TheSentinel

  • Members
  • 42 posts

Posted 20 January 2015 - 09:33 PM

Hey, not sure if I'm infected. Could someone take a look?

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16599  BrowserJavaVersion: 10.55.2
Run by Ruben at 18:07:49 on 2015-01-20
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.3582.1262 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Fitbit Connect\FitbitConnectService.exe
C:\Program Files\Logitech\H800\H800.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Fitbit Connect\Fitbit Connect.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\PING.EXE
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sigalert.com/Map.asp?Region=Greater+Los+Angeles
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Google Update] "c:\users\ruben\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [GoogleChromeAutoLaunch_95FB747E4BF45A524DC3F1DEEB52F976] "c:\users\ruben\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
uRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRunOnce: [EVEREST AutoStart] c:\users\ruben\desktop\everest ultimate edition v. 4.00.976\everest.exe
uRunOnce: [Adobe Speed Launcher] 1421804855
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [Logitech H800] c:\program files\logitech\h800\H800.exe
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
dRun: [Google Update] "c:\windows\system32\config\systemprofile\appdata\local\google\update\GoogleUpdate.exe" /c
StartupFolder: c:\users\ruben\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D658CAB7-4FF4-4786-8C25-FBC7469B3AB0} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ruben\appdata\roaming\mozilla\firefox\profiles\v0273n7z.default-1353314171642\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\my image garden\addon\cig\npmigfpi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\ruben\appdata\local\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\users\ruben\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\ruben\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\ruben\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\ruben\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ruben\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_257.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-2-5 212520]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2012-7-23 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2012-7-23 91992]
R2 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-9-15 21504]
R2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\nvidia corporation\geforce experience service\GfExperienceService.exe [2014-11-5 915600]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2013-12-13 1701520]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-12-15 450848]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-6-5 116056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-7-21 16640]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-6-5 104792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S4 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-7-20 206120]
S4 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-7-20 185640]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-01-21 01:46:14 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{51ff64a2-957d-4bf4-b7ef-e98cd35dd1b8}\gapaengine.dll
2015-01-21 01:33:26 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{22892136-bb2d-4d34-adc1-548deadb1fc6}\gapaengine.dll
2015-01-20 09:52:20 9054624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{283050a8-d131-4206-bf24-a0d30558ffab}\mpengine.dll
2015-01-16 16:26:07 908608 ----a-w- c:\windows\system32\nvhdagenco32.dll
2015-01-16 16:26:07 27280 ----a-w- c:\windows\system32\nvhdap32.dll
2015-01-16 16:26:07 161424 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2015-01-16 16:26:06 24764048 ----a-w- c:\windows\system32\nvoglv32.dll
2015-01-16 16:26:06 16039176 ----a-w- c:\windows\system32\nvwgf2um.dll
2015-01-16 16:26:06 10771128 ----a-w- c:\windows\system32\nvopencl.dll
2015-01-16 16:26:05 8536208 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-01-16 16:26:05 346944 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2015-01-16 16:26:05 3249984 ----a-w- c:\windows\system32\nvcuvid.dll
2015-01-16 16:26:05 10710344 ----a-w- c:\windows\system32\nvcuda.dll
2015-01-16 16:26:02 20465808 ----a-w- c:\windows\system32\nvcompiler.dll
2015-01-16 07:53:59 9054624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{459a80b1-2401-4df0-8c01-9fe5293fff16}\mpengine.dll
2015-01-16 07:53:44 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-16 07:37:01 93184 ----a-w- c:\windows\system32\ncsi.dll
2015-01-16 07:37:01 48640 ----a-w- c:\windows\system32\nlaapi.dll
2015-01-16 07:37:01 174080 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-16 07:36:40 153600 ----a-w- c:\windows\system32\profsvc.dll
2015-01-16 07:35:52 911504 ----a-w- c:\windows\system32\nvdispgenco3234709.dll
2015-01-16 07:35:52 1047696 ----a-w- c:\windows\system32\nvdispco3234709.dll
.
==================== Find3M  ====================
.
2015-01-14 19:58:12 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 19:58:12 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-06 12:36:02 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 10:02:10 2897640 ----a-w- c:\windows\system32\nvapi.dll
2014-12-13 10:02:10 14128496 ----a-w- c:\windows\system32\nvd3dum.dll
2014-12-13 07:30:19 4403016 ----a-w- c:\windows\system32\nvcpl.dll
2014-12-13 07:30:19 3056784 ----a-w- c:\windows\system32\nvsvc.dll
2014-12-13 07:30:17 669840 ----a-w- c:\windows\system32\nvvsvc.exe
2014-12-13 07:30:17 62784 ----a-w- c:\windows\system32\nvshext.dll
2014-12-13 07:30:17 375112 ----a-w- c:\windows\system32\nvmctray.dll
2014-12-13 07:30:17 2554000 ----a-w- c:\windows\system32\nvsvcr.dll
2014-12-11 12:49:36 4151176 ----a-w- c:\windows\system32\nvcoproc.bin
2014-12-03 02:06:01 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-24 20:44:32 367104 ----a-w- c:\windows\system32\html.iec
2014-11-24 20:40:49 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-11-24 20:35:25 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-11-24 20:34:40 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-24 20:33:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-24 20:33:47 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-11-24 20:32:47 11776 ----a-w- c:\windows\system32\mshta.exe
2014-11-24 20:32:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-07 01:33:21 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-04 00:19:33 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-30 09:07:46 906048 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2014-10-30 04:49:27 908608 ----a-w- c:\windows\system32\nvdispgenco3234460.dll
2014-10-30 04:49:27 1043264 ----a-w- c:\windows\system32\nvdispco3234460.dll
2014-10-24 01:04:29 67072 ----a-w- c:\windows\system32\packager.dll
2014-10-24 01:03:40 499200 ----a-w- c:\windows\system32\kerberos.dll
.
============= FINISH: 18:08:57.00 ===============
 


 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • Gender:Male
  • Location:California
  • Local time:09:58 PM

Posted 20 January 2015 - 11:09 PM

Greetings TheSentinel and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please describe any symptoms you are experiencing. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 TheSentinel

TheSentinel
  • Topic Starter

  • Members
  • 42 posts

Posted 20 January 2015 - 11:48 PM

Hey,

 

You can call me Sent

 

My PC seems a bit sluggish when I start it up and over the past couple of days has been sluggish using the internet. I already contacted my ISP but they didn't find anything. I've already reviewed my msconfig and control panel>program files, but maybe I missed something.

 

Here is the info you asked for.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Ruben (administrator) on BEASTV2 on 20-01-2015 20:37:42
Running from C:\Users\Ruben\Desktop
Loaded Profiles: Ruben (Available profiles: Ruben & Guest)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Logitech) C:\Program Files\Logitech\H800\H800.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Logitech H800] => C:\Program Files\Logitech\H800\H800.exe [273432 2011-07-29] (Logitech)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4349952 2007-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Run: [Google Update] => C:\Users\Ruben\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [334224 2009-06-10] (The Eraser Project)
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Run: [GoogleChromeAutoLaunch_95FB747E4BF45A524DC3F1DEEB52F976] => C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\RunOnce: [EVEREST AutoStart] => C:\Users\Ruben\Desktop\Everest Ultimate Edition V. 4.00.976\everest.exe [2141544 2007-09-02] (Lavalys, Inc.)
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\RunOnce: [Adobe Speed Launcher] => 1421804855
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\MountPoints2: {b27a7311-0caa-11e1-a3a6-0019dbb0d0bc} - J:\TL-Bootstrap.exe
HKU\S-1-5-18\...\Run: [Google Update] => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sigalert.com/Map.asp?Region=Greater+Los+Angeles
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-1735043674-136120036-3448280008-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1735043674-136120036-3448280008-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\v0273n7z.default-1353314171642
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1735043674-136120036-3448280008-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Ruben\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin HKU\S-1-5-21-1735043674-136120036-3448280008-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ruben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1735043674-136120036-3448280008-1000: @talk.google.com/O1DPlugin -> C:\Users\Ruben\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1735043674-136120036-3448280008-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1735043674-136120036-3448280008-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1735043674-136120036-3448280008-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ruben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\v0273n7z.default-1353314171642\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ruben\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ruben\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Distill Web Monitor (formerly AlertBox) - C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\v0273n7z.default-1353314171642\Extensions\alertbox@ajitk.com.xpi [2012-11-21]
FF Extension: Test Pilot - C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\v0273n7z.default-1353314171642\Extensions\testpilot@labs.mozilla.com.xpi [2012-11-19]
FF Extension: NoScript - C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\v0273n7z.default-1353314171642\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-19]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-14]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-14]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-14]
FF HKLM\...\Firefox\Extensions: [ClickPotatoLite@ClickPotatoLite.com] - C:\Program Files\ClickPotatoLite\bin\10.0.523.0\firefox\extensions
FF HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Ruben\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Ruben\AppData\Roaming\Move Networks [2009-09-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (E*TRADE Browser Trading) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgjomjdnhlppcidahijhehhfgneaolh [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Google Cast) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-01-02]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-02-06]
CHR Extension: (Pandora Listener) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\danjmbbdjabpapehlajpomcignjnoidp [2014-11-05]
CHR Extension: (Pandora) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-11-05]
CHR Extension: (The Camelizer - Amazon Price Tracker) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2013-12-28]
CHR Extension: (Skype Click to Call) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2014-11-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [mffdcionknddopdmdnloanoafafkmckb] - C:\Users\Ruben\AppData\Roaming\OpenCandy\03448ABABE054BCBB50D7B509E6A77E0\extension.crx [2012-06-20]
CHR HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ruben\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-05]
CHR HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR StartMenuInternet: Google Chrome - C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-05-03] (Adobe Systems) [File not signed]
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-12] (NVIDIA Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S4 sprtsvc_verizondm; C:\Program Files\VERIZONDM\bin\sprtsvc.exe [206120 2010-07-20] (SupportSoft, Inc.)
S4 tgsrvc_verizondm; C:\Program Files\VERIZONDM\bin\tgsrvc.exe [185640 2010-07-20] (SupportSoft, Inc.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-12-15] (Logitech Inc.)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [16640 2010-12-30] (Wondershare) [File not signed]
R3 e1qexpress; C:\Windows\System32\DRIVERS\e1q6032.sys [272136 2013-04-15] (Intel Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [212520 2009-02-05] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2009-02-05] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2009-02-05] (Silicon Image, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 HwIOctl; \??\C:\Program Files\Setup Files\MS-7350 v1.70\HwIOctl.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Memctl; \??\C:\Program Files\Setup Files\MS-7350 v1.70\Memctl.sys [X]
S3 NTACCESS; \??\D:\NTACCESS.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
S3 USB28xxBGA; system32\DRIVERS\emBDA.sys [X]
S3 USB28xxOEM; system32\DRIVERS\emOEM.sys [X]
S3 WEBNTACCESS; \??\C:\PROGRA~1\MSI\LIVEUP~1\NTACCESS.SYS [X]
U3 mbr; \??\C:\Users\Ruben\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 20:37 - 2015-01-20 20:38 - 00026638 _____ () C:\Users\Ruben\Desktop\FRST.txt
2015-01-20 20:37 - 2015-01-20 20:37 - 00000000 ____D () C:\FRST
2015-01-20 20:34 - 2015-01-20 20:34 - 01118208 _____ (Farbar) C:\Users\Ruben\Desktop\FRST.exe
2015-01-20 18:09 - 2015-01-20 18:09 - 00009837 _____ () C:\Users\Ruben\Desktop\attach.txt
2015-01-20 18:09 - 2015-01-20 18:08 - 00019101 _____ () C:\Users\Ruben\Desktop\dds.txt
2015-01-20 18:06 - 2015-01-20 18:04 - 00688992 ____R (Swearware) C:\Users\Ruben\Desktop\dds.com
2015-01-16 08:26 - 2014-12-13 02:02 - 24764048 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-01-16 08:26 - 2014-12-13 02:02 - 20465808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-16 08:26 - 2014-12-13 02:02 - 16039176 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-01-16 08:26 - 2014-12-13 02:02 - 10771128 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-16 08:26 - 2014-12-13 02:02 - 10710344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-16 08:26 - 2014-12-13 02:02 - 08536208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-16 08:26 - 2014-12-13 02:02 - 03249984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-16 08:26 - 2014-12-13 02:02 - 00346944 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-16 08:26 - 2014-10-09 09:02 - 00161424 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2015-01-16 08:26 - 2014-10-09 09:02 - 00027280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2015-01-16 08:26 - 2014-10-08 23:17 - 00908608 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco32.dll
2015-01-15 23:53 - 2014-12-18 16:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 23:37 - 2014-12-05 19:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 23:37 - 2014-12-05 19:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-15 23:37 - 2014-12-05 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-15 23:36 - 2014-12-05 19:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 23:35 - 2014-12-13 02:02 - 01047696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234709.dll
2015-01-15 23:35 - 2014-12-13 02:02 - 00911504 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234709.dll
2015-01-15 23:35 - 2014-12-13 02:02 - 00022896 _____ () C:\Windows\system32\nvinfo.pb
2015-01-14 20:54 - 2015-01-14 20:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-11 10:16 - 2015-01-11 10:16 - 00000518 _____ () C:\Users\Ruben\Documents\RedPandaGasp.htm
2014-12-28 14:16 - 2014-12-28 14:19 - 47645360 _____ () C:\Users\Ruben\Downloads\Phoenix-Firestorm-Release-4-6-9-42974_Setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 20:16 - 2011-07-08 06:46 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 20:11 - 2014-02-07 13:06 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-01-20 20:09 - 2009-09-25 10:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735043674-136120036-3448280008-1000UA.job
2015-01-20 20:09 - 2009-09-25 10:05 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735043674-136120036-3448280008-1000Core.job
2015-01-20 19:58 - 2012-07-01 07:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 19:46 - 2006-11-02 04:47 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 19:46 - 2006-11-02 04:47 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 19:13 - 2009-09-15 09:23 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\Skype
2015-01-20 19:13 - 2006-11-02 04:52 - 01738597 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 18:16 - 2011-07-08 06:46 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 17:48 - 2012-04-25 12:15 - 00000000 ___RD () C:\Users\Ruben\Google Drive
2015-01-20 17:47 - 2012-08-17 18:21 - 00000000 ____D () C:\Users\Ruben\Desktop\Everest Ultimate Edition V. 4.00.976
2015-01-20 17:46 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 17:31 - 2010-10-18 07:46 - 00000000 ____D () C:\Users\Ruben\AppData\Local\Eraser
2015-01-20 17:31 - 2006-11-02 05:01 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-20 13:54 - 2013-11-06 10:30 - 00000000 ____D () C:\Users\Ruben\AppData\Local\Firestorm
2015-01-20 13:11 - 2014-02-07 13:06 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-01-16 09:31 - 2014-11-02 18:34 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\OBS
2015-01-16 08:31 - 2006-11-02 02:33 - 00762954 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 08:28 - 2009-09-14 18:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 08:14 - 2009-09-14 15:47 - 00002032 _____ () C:\Users\Ruben\AppData\Local\d3d9caps.dat
2015-01-15 23:53 - 2013-07-14 12:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 23:38 - 2006-11-02 02:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-15 12:00 - 2012-03-17 19:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-14 11:58 - 2012-03-30 08:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 11:58 - 2011-05-18 08:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 09:13 - 2009-09-25 10:07 - 00002042 _____ () C:\Users\Ruben\Desktop\Google Chrome.lnk
2015-01-13 15:44 - 2014-09-02 22:08 - 00000000 ____D () C:\Users\Ruben\AppData\Local\Adobe
2015-01-07 00:32 - 2010-08-06 23:32 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\vlc
2015-01-06 04:36 - 2009-10-02 23:08 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 14:22 - 2014-08-27 17:08 - 00000962 _____ () C:\Users\Public\Desktop\Firestorm-Release.lnk
2014-12-28 14:21 - 2014-08-27 17:07 - 00000000 ____D () C:\Program Files\Firestorm-Release
 
==================== Files in the root of some directories =======
2010-09-17 00:09 - 2010-09-17 00:09 - 0000000 _____ () C:\Users\Ruben\AppData\Roaming\.NANotifyHere
2009-09-14 15:47 - 2015-01-16 08:14 - 0002032 _____ () C:\Users\Ruben\AppData\Local\d3d9caps.dat
2011-09-21 10:11 - 2014-06-17 01:31 - 0005120 _____ () C:\Users\Ruben\AppData\Local\Databases.db
2009-11-03 00:58 - 2014-09-11 00:02 - 0026624 _____ () C:\Users\Ruben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Files to move or delete:
====================
C:\Users\Public\diskwipe.exe
 
 
Some content of TEMP:
====================
C:\Users\Ruben\AppData\Local\Temp\.exe
C:\Users\Ruben\AppData\Local\Temp\16AB.exe
C:\Users\Ruben\AppData\Local\Temp\ApnStub.exe
C:\Users\Ruben\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Ruben\AppData\Local\Temp\bbcap.dll
C:\Users\Ruben\AppData\Local\Temp\bbchlp.dll
C:\Users\Ruben\AppData\Local\Temp\bdfilters.dll
C:\Users\Ruben\AppData\Local\Temp\B~NSISu_.exe
C:\Users\Ruben\AppData\Local\Temp\contentDATs.exe
C:\Users\Ruben\AppData\Local\Temp\ef01f78e-afb9-0e2c-b75c-7d821e634373.tmp.exe
C:\Users\Ruben\AppData\Local\Temp\ffmpeg15.exe
C:\Users\Ruben\AppData\Local\Temp\FlashBackDriverInstaller.exe
C:\Users\Ruben\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe
C:\Users\Ruben\AppData\Local\Temp\gpushark.exe
C:\Users\Ruben\AppData\Local\Temp\hcuninstaller_20130528_115351_15412.exe
C:\Users\Ruben\AppData\Local\Temp\install_flashplayer15x32au_mssa_awc_aih.exe
C:\Users\Ruben\AppData\Local\Temp\install_flash_player.exe
C:\Users\Ruben\AppData\Local\Temp\instsl.exe
C:\Users\Ruben\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u18-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\libmfxsw32.dll
C:\Users\Ruben\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Ruben\AppData\Local\Temp\mssinstaller.exe
C:\Users\Ruben\AppData\Local\Temp\NGMDll.dll
C:\Users\Ruben\AppData\Local\Temp\NGMResource.dll
C:\Users\Ruben\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Ruben\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ruben\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Ruben\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Ruben\AppData\Local\Temp\nvStInst.exe
C:\Users\Ruben\AppData\Local\Temp\ooVooTBing.exe
C:\Users\Ruben\AppData\Local\Temp\prismsetup.exe
C:\Users\Ruben\AppData\Local\Temp\psapi.dll
C:\Users\Ruben\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Ruben\AppData\Local\Temp\Second_Life_Updater.exe
C:\Users\Ruben\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Ruben\AppData\Local\Temp\setup_vodburner.exe
C:\Users\Ruben\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ruben\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Ruben\AppData\Local\Temp\unicows.dll
C:\Users\Ruben\AppData\Local\Temp\uninstall.exe
C:\Users\Ruben\AppData\Local\Temp\UnityWebPlayer7234874103976633236.exe
C:\Users\Ruben\AppData\Local\Temp\_ir_sf7_temp_0DirectorSetup.exe
C:\Users\Ruben\AppData\Local\Temp\_ir_sf_temp_0DirectorSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-20 17:52
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by Ruben at 2015-01-20 20:38:49
Running from C:\Users\Ruben\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Activision® (Version: 1.00.0000 - Activision) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe SVG Viewer (HKLM\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Agent Ransack 2010 (HKLM\...\Agent Ransack_is1) (Version:  - )
Amazon Kindle For PC v1.0 (HKLM\...\Amazon Kindle For PC) (Version:  - )
Amazon MP3 Downloader 1.0.5 (HKLM\...\Amazon MP3 Downloader) (Version:  - )
Amazon MP3 Uploader (HKLM\...\com.amazon.music.uploader) (Version: 1.0.6 - Amazon Services LLC)
Amazon MP3 Uploader (Version: 1.0.6 - Amazon Services LLC) Hidden
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{36E4EF40-F7AD-FF81-F8DD-A763DAD6CA2D}) (Version: 3.0.745.0 - ATI Technologies, Inc.)
AuralogComponentsUninstall7 (HKLM\...\AuralogComponentsUninstall7.exe) (Version:  - Auralog)
Batman™: Arkham Origins (HKLM\...\Steam App 209000) (Version:  - WB Games Montreal)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Beyond Compare Version 3.1.10 (HKLM\...\BeyondCompare3_is1) (Version:  - Scooter Software)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
CameraHelperMsi (Version: 13.40.836.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon MG5400 series User Registration (HKLM\...\Canon MG5400 series User Registration) (Version:  - Canon Inc.‎)
Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version:  - )
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version:  - )
Canon MX420 series User Registration (HKLM\...\Canon MX420 series User Registration) (Version:  - )
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Drum Controller Standard Tuning Kit (HKLM\...\InstallShield_{FC8A7918-D65D-440C-9596-C88185E8DCA4}) (Version: 1.00.0000 - Activision)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Eraser 5.8.7 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.8.7 - The Eraser Project)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.3.3 (HKLM\...\FileZilla Client) (Version: 3.3.3 - )
Firestorm-Release (remove only) (HKLM\...\Firestorm-Release) (Version: 4.6.9.42974 - The Phoenix Firestorm Project, Inc.)
Fitbit Connect (HKLM\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Geeks3D FurMark 1.11.0 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\.DEFAULT\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
InfiniteCrisis (HKLM\...\InfiniteCrisis) (Version:  - Turbine, Inc)
iTunes (HKLM\...\{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}) (Version: 10.3.1.55 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (Version: 1.3 - Riot Games) Hidden
League of Legends (Version: 3.0.0 - Riot Games) Hidden
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Logitech H800 (HKLM\...\{E7A8414E-944B-4D73-9F3F-C4E5266DF85C}) (Version: 1.0.034 - Logitech)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
Marvel Heroes Game (HKLM\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Move Media Player (HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 4.1.18 (HKLM\...\{D3F9003B-7D17-4317-B61B-0694FF5333F8}) (Version: 4.1.18 - Oracle Corporation)
Pandora (HKLM\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
Pandora (Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
Phoenix Viewer 1.6.0.1691 (HKLM\...\{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1) (Version:  - PhoenixViewer.com)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5361 - Realtek Semiconductor Corp.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1735043674-136120036-3448280008-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM\...\Uplay) (Version: 4.0 - Ubisoft)
VanDyke Software SecureCRT 7.1 (HKLM\...\{FF7E0D5F-28C6-463D-950E-70C0B5328FF8}) (Version: 7.1.2 - VanDyke Software, Inc.)
Verizon Download Manager (HKLM\...\{CCD35D5A-7B97-46E0-AB2E-21C59BA253B6}) (Version: 1.0.0 - Verizon)
Visual CertExam Suite (HKLM\...\Visual CertExam Suite_is1) (Version:  - Avanset)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ruben\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.2.183.23\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Ruben\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Ruben\AppData\Local\Google\Chrome\Application\39.0.2171.99\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
29-12-2014 13:38:57 Scheduled Checkpoint
30-12-2014 08:37:21 Windows Update
04-01-2015 17:41:52 Windows Update
09-01-2015 08:21:47 Windows Update
11-01-2015 11:36:17 Scheduled Checkpoint
13-01-2015 09:50:44 Windows Update
15-01-2015 23:32:52 Device Driver Package Install: NVIDIA Mice and other pointing devices
15-01-2015 23:35:57 Windows Update
15-01-2015 23:36:19 Device Driver Package Install: NVIDIA Display adapters
16-01-2015 08:26:45 Device Driver Package Install: NVIDIA Display adapters
16-01-2015 08:28:53 Device Driver Package Install: NVIDIA Corporation Sound, video and game controllers
16-01-2015 08:29:12 Device Driver Package Install: NVIDIA Universal Serial Bus controllers
20-01-2015 01:38:49 Scheduled Checkpoint
20-01-2015 01:52:11 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 02:23 - 2006-09-18 13:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1CB7CE39-0F39-44BE-B7C5-254E5CAB060E} - System32\Tasks\{1F7B517B-6F7A-4EA1-AD65-98EE1A249FB6} => C:\Program Files\Skype\Phone\Skype.exe [2014-11-27] (Skype Technologies S.A.)
Task: {3C135C62-E037-45DB-B2A9-E0DF0C130560} - System32\Tasks\{E7AB1A77-0C44-45B9-AE20-81FBC6F37081} => pcalua.exe -a C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Task: {638566AE-2E73-406E-8A17-1354885CBE20} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {65C6EEE0-2847-454C-B117-79BC9C19366C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {81498919-A8DB-4E4A-8F33-37F8ECB5703B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1735043674-136120036-3448280008-1000UA => C:\Users\Ruben\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {869D738B-9360-43FF-B476-0387CD29F750} - System32\Tasks\{0F8FE2F2-6AFA-45A5-8AB4-14DB65B3495B} => pcalua.exe -a "C:\Program Files\TeamViewer\Version5\uninstall.exe"
Task: {A3C284D3-AFD8-4234-8B0F-DE33E6A45935} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Ruben => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
Task: {C3E092BD-AD28-47FE-8CEF-AB589159755B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07] (Google Inc.)
Task: {C803E363-B7B5-49D5-B596-D5672374E1A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {D0F14C8F-9A34-4C61-87AD-E1D1095113AF} - System32\Tasks\{4ABE1EDE-DB2D-4C3E-927A-CBA7F0B2CC0C} => pcalua.exe -a C:\Users\Ruben\Documents\vlc-1.0.3-win32.exe -d C:\Users\Ruben\Documents
Task: {F4F14054-D4B4-4084-B6F5-25C5832709D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1735043674-136120036-3448280008-1000Core => C:\Users\Ruben\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {F751A160-355D-41DD-9EA5-AA4528305F49} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07] (Google Inc.)
Task: {FCB8F64D-765C-40C2-8F6E-69CEB045D894} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735043674-136120036-3448280008-1000Core.job => C:\Users\Ruben\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735043674-136120036-3448280008-1000UA.job => C:\Users\Ruben\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-06-13 13:54 - 2010-06-13 13:54 - 00094208 _____ () C:\Users\Ruben\FileZilla FTP Client\fzshellext.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2009-06-17 10:40 - 2009-06-17 10:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-06-17 10:40 - 2009-06-17 10:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-06-17 10:40 - 2009-06-17 10:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2015-01-14 09:12 - 2015-01-08 16:35 - 09009480 _____ () C:\Users\Ruben\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-14 09:12 - 2015-01-08 16:35 - 01677128 _____ () C:\Users\Ruben\AppData\Local\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-20 17:46 - 2015-01-20 17:46 - 00098816 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32api.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00110080 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pywintypes27.dll
2015-01-20 17:46 - 2015-01-20 17:46 - 00364544 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pythoncom27.dll
2015-01-20 17:46 - 2015-01-20 17:46 - 00045568 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_socket.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 01160704 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_ssl.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00320512 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32com.shell.shell.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00713216 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_hashlib.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 01175040 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._core_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00805888 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._gdi_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00811008 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._windows_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 01062400 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._controls_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00735232 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._misc_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00128512 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_elementtree.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00127488 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pyexpat.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00557056 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pysqlite2._sqlite.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00087552 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_ctypes.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00119808 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32file.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00108544 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32security.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00007168 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\hashobjs_ext.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00167936 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32gui.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00018432 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32event.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00038912 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32inet.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00011264 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32crypt.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00070656 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._html2.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00027136 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_multiprocessing.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00035840 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32process.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00686080 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\unicodedata.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00122368 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._wizard.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00024064 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32pipe.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00025600 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32pdh.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00525640 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\windows._lib_cacheinvalidation.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00010240 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\select.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00017408 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32profile.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00022528 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32ts.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00078336 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._animate.pyd
2015-01-14 09:12 - 2015-01-08 16:35 - 14913352 _____ () C:\Users\Ruben\AppData\Local\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
2014-04-10 22:30 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-10 22:30 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-01-14 20:54 - 2015-01-14 20:54 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-14 11:58 - 2015-01-14 11:58 - 16844464 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: sprtsvc_verizondm => 2
MSCONFIG\Services: tgsrvc_verizondm => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: VERIZONDM => "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1735043674-136120036-3448280008-500 - Administrator - Disabled)
Guest (S-1-5-21-1735043674-136120036-3448280008-501 - Limited - Enabled) => C:\Users\Guest
Ruben (S-1-5-21-1735043674-136120036-3448280008-1000 - Administrator - Enabled) => C:\Users\Ruben
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/20/2015 07:16:11 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
 
Error: (01/20/2015 06:53:41 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
 
Error: (01/20/2015 06:14:16 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
 
Error: (01/20/2015 06:09:45 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
 
Error: (01/20/2015 05:49:07 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (01/20/2015 05:49:07 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (01/20/2015 05:49:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (01/20/2015 05:49:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (01/20/2015 05:49:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (01/20/2015 05:49:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (01/20/2015 05:48:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Microsoft Antimalware Service%%2147949456
 
Error: (01/20/2015 05:48:32 PM) (Source: Microsoft Antimalware) (EventID: 5101) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
 
Expiration Reason: %%873
 
Expiration Date (UTC): ‎1/‎21/‎2015 1:48:32 AM
 
Error Code: 0x80092003
 
Error Description: An error occurred while reading or writing to a file.
 
Error: (01/20/2015 05:47:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (01/20/2015 05:45:47 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: 
 
Error: (01/20/2015 05:34:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Microsoft Antimalware Service%%2147949456
 
Error: (01/20/2015 05:34:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
MpFilter
spldr
VBoxDrv
VBoxUSBMon
Wanarpv6
 
Error: (01/20/2015 05:34:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068
 
Error: (01/20/2015 05:34:32 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (01/20/2015 05:34:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (01/20/2015 05:33:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
Microsoft Office Sessions:
=========================
Error: (01/20/2015 07:16:11 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
 
Error: (01/20/2015 06:53:41 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
 
Error: (01/20/2015 06:14:16 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
 
Error: (01/20/2015 06:09:45 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
 
Error: (01/20/2015 05:49:07 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES
 
Error: (01/20/2015 05:49:07 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES
 
Error: (01/20/2015 05:49:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS
 
Error: (01/20/2015 05:49:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS
 
Error: (01/20/2015 05:49:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES
 
Error: (01/20/2015 05:49:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\RUBEN\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-20 20:38:14.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-20 20:38:13.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-20 20:38:13.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-20 20:38:13.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-06 22:49:51.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-06 22:49:50.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-22 20:29:31.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-22 20:29:31.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-22 20:29:31.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-22 20:29:31.163
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU @ 2.40GHz
Percentage of memory in use: 74%
Total physical RAM: 3582.45 MB
Available physical RAM: 906.68 MB
Total Pagefile: 7381.88 MB
Available Pagefile: 3620.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.46 GB) (Free:23.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 279.5 GB) (Disk ID: 7E43C261)
Partition 1: (Active) - (Size=279.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 




#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • Gender:Male
  • Location:California

Posted 21 January 2015 - 09:57 AM

Thank you for the information.

Can you tell me if you are having any issues with your keyboard or mouse?

Please run these for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 HwIOctl; \??\C:\Program Files\Setup Files\MS-7350 v1.70\HwIOctl.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Memctl; \??\C:\Program Files\Setup Files\MS-7350 v1.70\Memctl.sys [X]
S3 NTACCESS; \??\D:\NTACCESS.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
S3 USB28xxBGA; system32\DRIVERS\emBDA.sys [X]
S3 USB28xxOEM; system32\DRIVERS\emOEM.sys [X]
S3 WEBNTACCESS; \??\C:\PROGRA~1\MSI\LIVEUP~1\NTACCESS.SYS [X]
U3 mbr; \??\C:\Users\Ruben\AppData\Local\Temp\mbr.sys [X]
C:\Users\Public\diskwipe.exe
C:\Users\Ruben\AppData\Local\Temp\.exe
C:\Users\Ruben\AppData\Local\Temp\16AB.exe
C:\Users\Ruben\AppData\Local\Temp\ApnStub.exe
C:\Users\Ruben\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Ruben\AppData\Local\Temp\bbcap.dll
C:\Users\Ruben\AppData\Local\Temp\bbchlp.dll
C:\Users\Ruben\AppData\Local\Temp\bdfilters.dll
C:\Users\Ruben\AppData\Local\Temp\B~NSISu_.exe
C:\Users\Ruben\AppData\Local\Temp\contentDATs.exe
C:\Users\Ruben\AppData\Local\Temp\ef01f78e-afb9-0e2c-b75c-7d821e634373.tmp.exe
C:\Users\Ruben\AppData\Local\Temp\ffmpeg15.exe
C:\Users\Ruben\AppData\Local\Temp\FlashBackDriverInstaller.exe
C:\Users\Ruben\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe
C:\Users\Ruben\AppData\Local\Temp\gpushark.exe
C:\Users\Ruben\AppData\Local\Temp\hcuninstaller_20130528_115351_15412.exe
C:\Users\Ruben\AppData\Local\Temp\install_flashplayer15x32au_mssa_awc_aih.exe
C:\Users\Ruben\AppData\Local\Temp\install_flash_player.exe
C:\Users\Ruben\AppData\Local\Temp\instsl.exe
C:\Users\Ruben\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u18-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\libmfxsw32.dll
C:\Users\Ruben\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Ruben\AppData\Local\Temp\mssinstaller.exe
C:\Users\Ruben\AppData\Local\Temp\NGMDll.dll
C:\Users\Ruben\AppData\Local\Temp\NGMResource.dll
C:\Users\Ruben\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Ruben\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ruben\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Ruben\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Ruben\AppData\Local\Temp\nvStInst.exe
C:\Users\Ruben\AppData\Local\Temp\ooVooTBing.exe
C:\Users\Ruben\AppData\Local\Temp\prismsetup.exe
C:\Users\Ruben\AppData\Local\Temp\psapi.dll
C:\Users\Ruben\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Ruben\AppData\Local\Temp\Second_Life_Updater.exe
C:\Users\Ruben\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Ruben\AppData\Local\Temp\setup_vodburner.exe
C:\Users\Ruben\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ruben\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Ruben\AppData\Local\Temp\unicows.dll
C:\Users\Ruben\AppData\Local\Temp\uninstall.exe
C:\Users\Ruben\AppData\Local\Temp\UnityWebPlayer7234874103976633236.exe
C:\Users\Ruben\AppData\Local\Temp\_ir_sf7_temp_0DirectorSetup.exe
C:\Users\Ruben\AppData\Local\Temp\_ir_sf_temp_0DirectorSetup.exe
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.2.183.23\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
2015-01-20 17:46 - 2015-01-20 17:46 - 00098816 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32api.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00110080 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pywintypes27.dll
2015-01-20 17:46 - 2015-01-20 17:46 - 00364544 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pythoncom27.dll
2015-01-20 17:46 - 2015-01-20 17:46 - 00045568 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_socket.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 01160704 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_ssl.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00320512 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32com.shell.shell.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00713216 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_hashlib.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 01175040 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._core_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00805888 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._gdi_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00811008 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._windows_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 01062400 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._controls_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00735232 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._misc_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00128512 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_elementtree.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00127488 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pyexpat.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00557056 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pysqlite2._sqlite.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00087552 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_ctypes.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00119808 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32file.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00108544 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32security.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00007168 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\hashobjs_ext.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00167936 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32gui.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00018432 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32event.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00038912 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32inet.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00011264 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32crypt.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00070656 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._html2.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00027136 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_multiprocessing.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00035840 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32process.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00686080 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\unicodedata.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00122368 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._wizard.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00024064 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32pipe.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00025600 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32pdh.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00525640 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\windows._lib_cacheinvalidation.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00010240 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\select.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00017408 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32profile.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00022528 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32ts.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00078336 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._animate.pyd
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 TheSentinel

TheSentinel
  • Topic Starter

  • Members
  • 42 posts

Posted 21 January 2015 - 02:20 PM

My mouse and keyboard are wireless, only thing I can think of is since my keyboard is split the left space doesn't work too often, that may just be from my thumb lol. Other than that, sometimes I have to re-seat my mouse receiver.

 

 

Here's the Logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015
Ran by Ruben at 2015-01-21 10:40:53 Run:1
Running from C:\Users\Ruben\Desktop
Loaded Profiles: Ruben (Available profiles: Ruben & Guest)
Boot Mode: Safe Mode (minimal)
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 HwIOctl; \??\C:\Program Files\Setup Files\MS-7350 v1.70\HwIOctl.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Memctl; \??\C:\Program Files\Setup Files\MS-7350 v1.70\Memctl.sys [X]
S3 NTACCESS; \??\D:\NTACCESS.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
S3 USB28xxBGA; system32\DRIVERS\emBDA.sys [X]
S3 USB28xxOEM; system32\DRIVERS\emOEM.sys [X]
S3 WEBNTACCESS; \??\C:\PROGRA~1\MSI\LIVEUP~1\NTACCESS.SYS [X]
U3 mbr; \??\C:\Users\Ruben\AppData\Local\Temp\mbr.sys [X]
C:\Users\Public\diskwipe.exe
C:\Users\Ruben\AppData\Local\Temp\.exe
C:\Users\Ruben\AppData\Local\Temp\16AB.exe
C:\Users\Ruben\AppData\Local\Temp\ApnStub.exe
C:\Users\Ruben\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Ruben\AppData\Local\Temp\bbcap.dll
C:\Users\Ruben\AppData\Local\Temp\bbchlp.dll
C:\Users\Ruben\AppData\Local\Temp\bdfilters.dll
C:\Users\Ruben\AppData\Local\Temp\B~NSISu_.exe
C:\Users\Ruben\AppData\Local\Temp\contentDATs.exe
C:\Users\Ruben\AppData\Local\Temp\ef01f78e-afb9-0e2c-b75c-7d821e634373.tmp.exe
C:\Users\Ruben\AppData\Local\Temp\ffmpeg15.exe
C:\Users\Ruben\AppData\Local\Temp\FlashBackDriverInstaller.exe
C:\Users\Ruben\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe
C:\Users\Ruben\AppData\Local\Temp\gpushark.exe
C:\Users\Ruben\AppData\Local\Temp\hcuninstaller_20130528_115351_15412.exe
C:\Users\Ruben\AppData\Local\Temp\install_flashplayer15x32au_mssa_awc_aih.exe
C:\Users\Ruben\AppData\Local\Temp\install_flash_player.exe
C:\Users\Ruben\AppData\Local\Temp\instsl.exe
C:\Users\Ruben\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u18-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Ruben\AppData\Local\Temp\libmfxsw32.dll
C:\Users\Ruben\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Ruben\AppData\Local\Temp\mssinstaller.exe
C:\Users\Ruben\AppData\Local\Temp\NGMDll.dll
C:\Users\Ruben\AppData\Local\Temp\NGMResource.dll
C:\Users\Ruben\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Ruben\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ruben\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Ruben\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Ruben\AppData\Local\Temp\nvStInst.exe
C:\Users\Ruben\AppData\Local\Temp\ooVooTBing.exe
C:\Users\Ruben\AppData\Local\Temp\prismsetup.exe
C:\Users\Ruben\AppData\Local\Temp\psapi.dll
C:\Users\Ruben\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Ruben\AppData\Local\Temp\Second_Life_Updater.exe
C:\Users\Ruben\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Ruben\AppData\Local\Temp\setup_vodburner.exe
C:\Users\Ruben\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ruben\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Ruben\AppData\Local\Temp\unicows.dll
C:\Users\Ruben\AppData\Local\Temp\uninstall.exe
C:\Users\Ruben\AppData\Local\Temp\UnityWebPlayer7234874103976633236.exe
C:\Users\Ruben\AppData\Local\Temp\_ir_sf7_temp_0DirectorSetup.exe
C:\Users\Ruben\AppData\Local\Temp\_ir_sf_temp_0DirectorSetup.exe
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Easybits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.2.183.23\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
2015-01-20 17:46 - 2015-01-20 17:46 - 00098816 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32api.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00110080 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pywintypes27.dll
2015-01-20 17:46 - 2015-01-20 17:46 - 00364544 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pythoncom27.dll
2015-01-20 17:46 - 2015-01-20 17:46 - 00045568 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_socket.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 01160704 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_ssl.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00320512 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32com.shell.shell.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00713216 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_hashlib.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 01175040 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._core_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00805888 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._gdi_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00811008 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._windows_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 01062400 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._controls_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00735232 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._misc_.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00128512 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_elementtree.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00127488 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pyexpat.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00557056 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pysqlite2._sqlite.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00087552 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_ctypes.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00119808 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32file.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00108544 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32security.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00007168 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\hashobjs_ext.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00167936 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32gui.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00018432 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32event.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00038912 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32inet.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00011264 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32crypt.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00070656 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._html2.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00027136 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_multiprocessing.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00035840 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32process.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00686080 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\unicodedata.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00122368 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._wizard.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00024064 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32pipe.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00025600 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32pdh.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00525640 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\windows._lib_cacheinvalidation.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00010240 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\select.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00017408 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32profile.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00022528 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32ts.pyd
2015-01-20 17:46 - 2015-01-20 17:46 - 00078336 _____ () C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._animate.pyd
*****************
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
ACDaemon => Service deleted successfully.
blbdrive => Service deleted successfully.
EagleNT => Service deleted successfully.
GMSIPCI => Service deleted successfully.
HwIOctl => Service deleted successfully.
IpInIp => Service deleted successfully.
Memctl => Service deleted successfully.
NTACCESS => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
SetupNTGLM7X => Service deleted successfully.
USB28xxBGA => Service deleted successfully.
USB28xxOEM => Service deleted successfully.
WEBNTACCESS => Service deleted successfully.
mbr => Service not found.
C:\Users\Public\diskwipe.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\16AB.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\A~NSISu_.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\bbcap.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\bbchlp.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\bdfilters.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\B~NSISu_.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\ef01f78e-afb9-0e2c-b75c-7d821e634373.tmp.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\ffmpeg15.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\FlashBackDriverInstaller.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\gpushark.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\hcuninstaller_20130528_115351_15412.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\install_flashplayer15x32au_mssa_awc_aih.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\install_flash_player.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\instsl.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u18-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\libmfxsw32.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\NGMDll.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\NGMResource.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\nv3DVStreaming.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\nvSCPAPISvr.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\nvStereoApiI.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\ooVooTBing.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\prismsetup.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\psapi.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\Second_Life_Updater.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\setup_vodburner.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\unicows.dll => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\uninstall.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\UnityWebPlayer7234874103976633236.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\_ir_sf7_temp_0DirectorSetup.exe => Moved successfully.
C:\Users\Ruben\AppData\Local\Temp\_ir_sf_temp_0DirectorSetup.exe => Moved successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
"HKU\S-1-5-21-1735043674-136120036-3448280008-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32api.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pywintypes27.dll" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pythoncom27.dll" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_socket.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_ssl.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32com.shell.shell.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_hashlib.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._core_.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._gdi_.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._windows_.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._controls_.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._misc_.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_elementtree.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pyexpat.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\pysqlite2._sqlite.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_ctypes.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32file.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32security.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\hashobjs_ext.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32gui.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32event.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32inet.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32crypt.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._html2.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\_multiprocessing.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32process.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\unicodedata.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._wizard.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32pipe.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32pdh.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\windows._lib_cacheinvalidation.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\select.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32profile.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\win32ts.pyd" => File/Directory not found.
"C:\Users\Ruben\AppData\Local\Temp\_MEI33882\wx._animate.pyd" => File/Directory not found.
 
==== End of Fixlog 10:40:55 ====
 
# AdwCleaner v4.108 - Report created 21/01/2015 at 10:44:49
# Updated 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Local]
# Operating System : Windows Vista ™ Business Service Pack 2 (32 bits)
# Username : Ruben - BEASTV2
# Running from : C:\Users\Ruben\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : YahooAUService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Folder Deleted : C:\ProgramData\ClickPotatoLiteSA
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Users\Ruben\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Guest\Documents\Updater
Folder Deleted : C:\Users\Ruben\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Ruben\AppData\Roaming\clickpotatolite
Folder Deleted : C:\Users\Ruben\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Ruben\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Ruben\Documents\Updater
Folder Deleted : C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
File Deleted : C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\v0273n7z.default-1353314171642\user.js
File Deleted : C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ClickPotatoLite@ClickPotatoLite.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mffdcionknddopdmdnloanoafafkmckb
Key Deleted : HKLM\SOFTWARE\Classes\AppID\MenuButtonIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info.1
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles
Key Deleted : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles.1
Key Deleted : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE
Key Deleted : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4F36-8D02-8C43722EE5DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKCU\Software\clickpotatolitesa
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\ClickPotatoLite
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v35.0 (x86 en-US)
 
 
-\\ Google Chrome v
 
[C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/tracking?d_ch=en_US_engadget&q={searchTerms}&s_it=search_addon
[C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://autoblog.search.aol.com/search?q={searchTerms}&s_it=search_addon
[C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchassist.verizon.com/index?ClientLocation=us&ParticipantID=euekiz39ksg8nwp7iqj2fp5wzfwi5q76&Implementation=0&LinkID=VFAOR38AAAEAAD1gAlUAAAE7&FailureMode=5&pvf=1&pvi=0&SearchQuery={searchTerms}&search=Search
 
*************************
 
AdwCleaner[R0].txt - [5463 octets] - [21/01/2015 10:41:37]
AdwCleaner[S0].txt - [5328 octets] - [21/01/2015 10:44:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5388 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista ™ Business x86
Ran by Ruben on Wed 01/21/2015 at 11:07:40.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Ruben\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Ruben\AppData\Roaming\mozilla\firefox\profiles\v0273n7z.default-1353314171642\minidumps [700 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Ruben\appdata\local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/21/2015 at 11:10:59.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 TheSentinel


Posted 21 January 2015 - 02:42 PM

Things seem to be running a bit smoother performance-wise.



#7 Oh My!


Posted 21 January 2015 - 02:45 PM

That looks good, thanks.

There were a number of errors related to your keyboard/mouse. I would like to follow up on that. I have some other steps for you to take as well.

Please do this.

===================================================

Obtaining Device Error Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Keyboards section by clicking the + sign
  • Are there any device errors?
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Device information
  • ESET log
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 TheSentinel

TheSentinel
  • Topic Starter


Posted 21 January 2015 - 06:14 PM

There are no errors or problems displayed for the keyboard...

 

C:\FRST\Quarantine\C\Users\Ruben\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe.xBAD Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Ruben\AppData\Local\Temp\prismsetup.exe.xBAD a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Ruben\AppData\Local\Temp\is754907076\MyBabylonTB.exe Win32/Toolbar.Babylon potentially unwanted application deleted - quarantined
C:\Users\Ruben\AppData\Local\Temp\is754907076\PricePeepInstaller.exe a variant of Win32/AdWare.PricePeep.B application cleaned by deleting - quarantined
C:\Users\Ruben\AppData\Local\Temp\is754907076\wajam_download.exe Win32/Wajam.C potentially unwanted application deleted - quarantined
C:\Users\Ruben\AppData\Local\Temp\nchuninst\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Ruben\Downloads\teamviewer.exe a variant of Win32/InstallCore.X potentially unwanted application deleted - quarantined
 

 Results of screen317's Security Check version 0.99.94  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java version 32-bit out of Date! 
 Adobe Flash Player 16.0.0.257  
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox (35.0) 
 Google Chrome (39.0.2171.95) 
 Google Chrome (39.0.2171.99) 
 Google Chrome (plugins...) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

 

The ESET did take a while
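
Added example, not part of the thread and not an ESET tool: a small Python parser for the threat-list lines posted above, grouping detections by family and marking hits that sit in FRST's own quarantine folder. The line layout, the family-suffix rule and the function names are assumptions inferred from the lines in the post.

```python
import re
from collections import Counter

# Sample input: four of the ESET lines posted in the thread above, unchanged.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\C\Users\Ruben\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe.xBAD Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\Ruben\AppData\Local\Temp\is754907076\PricePeepInstaller.exe a variant of Win32/AdWare.PricePeep.B application cleaned by deleting - quarantined
C:\Users\Ruben\AppData\Local\Temp\nchuninst\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Ruben\Downloads\teamviewer.exe a variant of Win32/InstallCore.X potentially unwanted application deleted - quarantined
"""

# Layout inferred from those lines: <path> [a variant of] <detection> <category> <action>.
# Only the two categories seen in the thread are recognised; anything else is
# returned as unparsed so it gets read by a person instead of silently dropped.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<detection>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<category>(?:potentially unwanted )?application)\s+"
    r"(?P<action>.+)$"
)

def family(detection):
    """Drop a trailing one- or two-letter variant suffix (assumed naming habit)."""
    return re.sub(r"\.[A-Z]{1,2}$", "", detection)

def parse_eset_log(text):
    records, unparsed = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        rec = m.groupdict()
        rec["variant"] = rec["variant"] is not None
        rec["family"] = family(rec["detection"])
        # A hit under C:\FRST\Quarantine is a file an earlier FRST fix had already moved.
        rec["in_frst_quarantine"] = rec["path"].lower().startswith("c:\\frst\\quarantine\\")
        records.append(rec)
    return records, unparsed

def summarize(records):
    """Count detections per family, most frequent first."""
    return Counter(r["family"] for r in records).most_common()

if __name__ == "__main__":
    recs, bad = parse_eset_log(SAMPLE_LOG)
    for fam, n in summarize(recs):
        print(f"{n} x {fam}")
    print("unparsed:", bad)
```
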



#9 Oh My!


Posted 21 January 2015 - 10:05 PM

Yes ESET is very thorough. Thanks for the keyboard information.

Please do this.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FSS.txt

Gary
 

#10 TheSentinel


Posted 22 January 2015 - 02:31 AM

Farbar Service Scanner Version: 17-01-2015
Ran by Ruben (administrator) on 21-01-2015 at 23:30:28
Running from "C:\Users\Ruben\Desktop"
Microsoft® Windows Vista™ Business  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#11 Oh My!


Posted 22 January 2015 - 10:10 AM

Thank you, please do this.

===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.
  • Please visit Adobe Reader
  • Uncheck the McAfee optional offer
  • Click Install now
  • Save the file to your desktop
  • Double click the installation icon
  • Select Run
  • When completed click Finish
  • Press the Windows key + R at the same time
  • Type appwiz.cpl, press Enter, and allow the Programs list to populate
  • Uninstall every Adobe Reader program except the one just downloaded and installed
===================================================

Update Java

-------------------
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified "You have successfully installed Java"
  • If Java notifies you older versions of the program need to be removed, allow the program to complete that
  • Reboot your computer once all Java components are removed.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the updates go well?
  • Are there any remaining issues?

Gary
 

#12 TheSentinel


Posted 22 January 2015 - 03:28 PM

That's weird, for both install attempts I get some sort of Invalid Key errors.



#13 Oh My!


Posted 22 January 2015 - 10:22 PM

Can you be more specific regarding the error information?
Gary
 

#14 TheSentinel


Posted 22 January 2015 - 10:29 PM

Adobe install displays the following error:

Adobe reader 10 installation error

Key not valid for use in specified state.

Java install reports the following problem:

Error code 1603

From Java help site:

Error 1603, Error 1618, Object Already Exists, Key not valid in specified state

This article applies to:

  • Platform(s): Windows 7, Windows 8, Windows Vista, Windows XP
  • Java version(s): 7.0, 8.0

SYMPTOMS
 

During installation of Java from Java.com, a dialog box appears displaying one of the following error codes:
Error 1603, Error 1618, Key not valid in specified state, Object Already Exists

CAUSE
 

These errors, seen during the installation process, indicate that an installation did not complete. The root causes of these errors are under investigation.

Object Already Exists. This is a known issue with Microsoft KB2918614



#15 Oh My!


Posted 22 January 2015 - 10:50 PM

Thank you for the information. Please do this.
  • Boot into Safe Mode
  • Press the Windows + R keys at the same time
  • Type cmd and hit Enter
  • Type rename C:\Users\Ruben\AppData\Roaming\Microsoft\Crypto Crypto.old and press Enter
  • Type Exit, hit Enter, then reboot into Normal Mode
  • Retry the installations
Let me know how we do.
Gary
 



