
Cannot uninstall Adware programs...



#1
frustratedidiot (Member, 17 posts)

Clicked an ad or something in Google Chrome the other day, an install window came up for some game, I exited. Chrome crashed and then came back up again, and I noticed something was different. Suddenly all my bookmarks and history and everything was gone, it was all empty.

Chrome started downloading crap extensions like "talk to type" and "key" something... Also, in settings under "People", there was one person, and then two, and it wanted me to sign in to remove them so I just exited.

I looked in the Control Panel to see if I could find any weird programs. "EnjOYCoupon" and "SaveLOts" under the publisher of "" .
I uninstalled and performed a system restore to 29/12/14. They came back. I can't seem to uninstall them now. There is a new one called "FunDeuals" from the publisher "" .

I tried a pc scan but it didn't help. I tried turning on Windows Defender but I got an error message saying "Windows Defender encountered an error: 0x800705b4. This operation returned because the timeout period expired."

It's worrisome and I'd like to fix the problem as soon as possible :( If anyone here could help to solve this, please let me know! Thanks for taking the time to read this.
#2
zep516 (Trusted Helper, Malware Removal, 6,811 posts)

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

In your next reply, post:
  • The AdwCleaner [S0].txt Log
  • The JRT.txt Log
Thanks
Joe :)

#3
frustratedidiot (Member, Topic Starter, 17 posts)

Here are the text logs for AdwCleaner and Junk Removal Tool:

 

# AdwCleaner v4.106 - Report created 31/12/2014 at 20:10:47

# Updated 21/12/2014 by Xplode

# Database : 2014-12-30.1 [Live]

# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

# Username : Mishjaimi - MISHJAIMI-PC

# Running from : c:\Users\Mishjaimi\Downloads\adwcleaner_4.106.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : netfilter

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Conduit

Folder Deleted : C:\ProgramData\NCH Software

Folder Deleted : C:\ProgramData\Allmyapps

Folder Deleted : C:\ProgramData\Yahoo! Companion

Folder Deleted : C:\ProgramData\Adblocker

Folder Deleted : C:\ProgramData\DigiaSeaveR

Folder Deleted : C:\ProgramData\EnjOYCoupon

Folder Deleted : C:\ProgramData\FunDeuals

Folder Deleted : C:\ProgramData\SaveLOts

Folder Deleted : C:\ProgramData\126c504f3906048f

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Level Quality Watcher

Folder Deleted : C:\Program Files\NCH Software

Folder Deleted : C:\Program Files\Uninstaller

Folder Deleted : C:\Program Files\Optimizer Pro 3.16

Folder Deleted : C:\Program Files\Adblocker

Folder Deleted : C:\Program Files\EnjOYCoupon

Folder Deleted : C:\Program Files\SaveLOts

Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}

Folder Deleted : C:\Users\Mishjaimi\AppData\Local\Conduit

Folder Deleted : C:\Users\Mishjaimi\AppData\Local\CrashRpt

Folder Deleted : C:\Users\Mishjaimi\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Mishjaimi\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Mishjaimi\AppData\Roaming\goforfiles

Folder Deleted : C:\Users\Mishjaimi\AppData\Roaming\NCH Software

Folder Deleted : C:\Users\Mishjaimi\AppData\Roaming\SearchProtect

Folder Deleted : C:\Users\Mishjaimi\AppData\Roaming\Systweak

Folder Deleted : C:\Users\Mishjaimi\Documents\Optimizer Pro

Folder Deleted : C:\Users\Mishjaimi\AppData\Roaming\Mozilla\Firefox\Profiles\gicxoahg.default-1420019816621\Extensions\[email protected]

File Deleted : C:\END

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\Users\Mishjaimi\AppData\Roaming\Mozilla\Firefox\Profiles\soj9uirm.default\user.js

 

***** [ Scheduled Tasks ] *****

 

Task Deleted : GoforFilesUpdate

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bolmicibdhjnmppjidlkppdaeplaphpi

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bolmicibdhjnmppjidlkppdaeplaphpi

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\.

Key Deleted : HKLM\SOFTWARE\Classes\..9

Key Deleted : HKLM\SOFTWARE\Classes\P73c7848e_3dcc_4fde_bfc2_907a516a8392_.P73c7848e_3dcc_4fde_bfc2_907a516a8392_

Key Deleted : HKLM\SOFTWARE\Classes\P73c7848e_3dcc_4fde_bfc2_907a516a8392_.P73c7848e_3dcc_4fde_bfc2_907a516a8392_.9

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287822

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3315010

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67b2419e-cf81-4431-b5e8-531a0f1923b8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{73c7848e-3dcc-4fde-bfc2-907a516a8392}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b0513772-214a-4c85-bd35-bc5a360237ea}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67b2419e-cf81-4431-b5e8-531a0f1923b8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73c7848e-3dcc-4fde-bfc2-907a516a8392}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0513772-214a-4c85-bd35-bc5a360237ea}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67b2419e-cf81-4431-b5e8-531a0f1923b8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0513772-214a-4c85-bd35-bc5a360237ea}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{67b2419e-cf81-4431-b5e8-531a0f1923b8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b0513772-214a-4c85-bd35-bc5a360237ea}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{67b2419e-cf81-4431-b5e8-531a0f1923b8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{73c7848e-3dcc-4fde-bfc2-907a516a8392}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b0513772-214a-4c85-bd35-bc5a360237ea}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CBE3FF8-BC71-4515-AC21-4B5338A96073}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CDF4930C-047B-4EFB-AA5C-49607F14FAA2}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D556EF7B-7F43-40AB-87C8-7E502485111F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CBE3FF8-BC71-4515-AC21-4B5338A96073}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\GoforFiles

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\RegisteredApplicationsEx

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Re_Markit

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\GoforFiles

Key Deleted : HKLM\SOFTWARE\systweak

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{478472F9-9E09-492A-BDAB-42EE595EF1AD}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{478472F9-9E09-492A-BDAB-42EE595EF1AD}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16599

 

 

-\\ Mozilla Firefox v27.0.1 (en-US)

 

[soj9uirm.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");

[soj9uirm.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");

 

-\\ Google Chrome v39.0.2171.95

 

[C:\Users\Mishjaimi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\Mishjaimi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3315010&CUI=UN27865452492166020&UM=2

[C:\Users\Mishjaimi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3315010&CUI=UN27865452492166020&UM=2

[C:\Users\Mishjaimi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCA&apn_uid=8BA10B4A-E885-4E78-97A5-AC93425E688F&apn_sauid=157B80E2-3C82-4590-ACC7-A8E8B8D6C78B

[C:\Users\Mishjaimi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCA&apn_uid=8BA10B4A-E885-4E78-97A5-AC93425E688F&apn_sauid=157B80E2-3C82-4590-ACC7-A8E8B8D6C78B

[C:\Users\Mishjaimi\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : bolmicibdhjnmppjidlkppdaeplaphpi

 

*************************

 

AdwCleaner[R0].txt - [16948 octets] - [31/12/2014 20:04:18]

AdwCleaner[R1].txt - [17009 octets] - [31/12/2014 20:08:06]

AdwCleaner[S0].txt - [16518 octets] - [31/12/2014 20:10:47]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16579 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Mishjaimi on 31/12/2014 at 20:40:15.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9227DF63-238D-48B7-AFFA-90916A8D4255}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9227DF63-238D-48B7-AFFA-90916A8D4255}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Mishjaimi\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Mishjaimi\AppData\Roaming\mozilla\firefox\profiles\soj9uirm.default\extensions\staged
Successfully deleted the following from C:\Users\Mishjaimi\AppData\Roaming\mozilla\firefox\profiles\soj9uirm.default\prefs.js
 
user_pref("browser.startup.homepage", "hxxp://www.better-search.net/?i=53&st=29&src=55&did=11009&ppd=1848,102030388786c22783eb7fe74275c1,,,,,Royal+Defense,,,play.gamepacks.com
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/12/2014 at 20:54:40.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4
zep516 (Trusted Helper, Malware Removal, 6,811 posts)

Looks good,

This tool has to be downloaded to the desktop,

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#5
frustratedidiot (Member, Topic Starter, 17 posts)

Hopefully this is alright:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Mishjaimi (administrator) on MISHJAIMI-PC on 31-12-2014 21:48:09
Running from C:\Users\Mishjaimi\Downloads
Loaded Profiles: Mishjaimi & UpdatusUser (Available profiles: IUSR_NMPR & Mishjaimi & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Mishjaimi\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\Mishjaimi\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-11-15] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)
HKLM\...\Run: [CCUTRAYICON] => FactoryMode
HKLM\...\Run: [SnapfishMediaDetector] => C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [1441792 2007-03-02] ()
HKLM\...\Run: [HP Software Update] => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-03-07] (soft thinks)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Mishjaimi\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\MountPoints2: {81e2efc4-8505-11e2-991d-001bfcdfd080} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1773568 2007-03-12] (Hewlett-Packard)
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Mishjaimi\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro 3.16\OptProLauncher.exe
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\RunOnce: [DependencyCheck] => Performed
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\MountPoints2: {81e2efc4-8505-11e2-991d-001bfcdfd080} - K:\LaunchU3.exe -a
AppInit_DLLs: c:\progra~2\180352~1\bit1738.tmp => c:\ProgramData\1803528019\BIT1738.tmp [4125696 2014-05-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
Startup: C:\Users\Mishjaimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series.lnk
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-2204486101-728493013-4280112839-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....minator=1_sp_ie
SearchScopes: HKLM -> {76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1001 -> {76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.better-se...minator=1_sp_ie
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {8CBE3FF8-BC71-4515-AC21-4B5338A96073} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {9227DF63-238D-48B7-AFFA-90916A8D4255} URL = http://search.live.c...#38;FORM=HVDCS7
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {CDF4930C-047B-4EFB-AA5C-49607F14FAA2} URL = http://websearch.ask...C7-A8E8B8D6C78B
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {D556EF7B-7F43-40AB-87C8-7E502485111F} URL = http://search.condui...2492166020&UM=2
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.17 64.59.150.133
 
FireFox:
========
FF ProfilePath: C:\Users\Mishjaimi\AppData\Roaming\Mozilla\Firefox\Profiles\soj9uirm.default
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2629 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin HKU\S-1-5-21-2204486101-728493013-4280112839-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mishjaimi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2204486101-728493013-4280112839-1001: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-07]
FF Extension: No Name - C:\Users\Mishjaimi\AppData\Roaming\Mozilla\Firefox\Profiles\soj9uirm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [Not Found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Mishjaimi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mishjaimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-31]
CHR HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MISHJA~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-12-31]
CHR HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation) [File not signed]
S4 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] () [File not signed]
S4 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2006-11-15] (Intel Corporation) [File not signed]
S4 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation) [File not signed]
S4 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-08-31] () [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [354432 2007-01-14] (Hauppauge Computer Works, Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [849248 2010-04-29] (Ralink Technology Corp.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslf61a92fa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{17EDA5B7-9433-46F6-AB4A-55E83015E5C7}\MpKslf61a92fa.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 21:48 - 2014-12-31 21:49 - 00021088 _____ () C:\Users\Mishjaimi\Downloads\FRST.txt
2014-12-31 21:47 - 2014-12-31 21:48 - 00000000 ____D () C:\FRST
2014-12-31 21:46 - 2014-12-31 21:46 - 01114624 _____ (Farbar) C:\Users\Mishjaimi\Downloads\FRST.exe
2014-12-31 20:54 - 2014-12-31 20:54 - 00002112 _____ () C:\Users\Mishjaimi\Desktop\JRT.txt
2014-12-31 20:40 - 2014-12-31 20:40 - 00000000 ____D () C:\Windows\ERUNT
2014-12-31 20:38 - 2014-12-31 20:39 - 01707939 _____ (Thisisu) C:\Users\Mishjaimi\Downloads\JRT.exe
2014-12-31 20:22 - 2014-12-31 20:22 - 00016660 _____ () C:\Users\Mishjaimi\Downloads\AdwCleaner[S0].txt
2014-12-31 20:17 - 2014-12-31 20:17 - 00000000 __SHD () C:\found.007
2014-12-31 20:03 - 2014-12-31 20:10 - 00000000 ____D () C:\AdwCleaner
2014-12-31 20:02 - 2014-12-31 20:02 - 02173952 _____ () C:\Users\Mishjaimi\Downloads\adwcleaner_4.106.exe
2014-12-31 19:45 - 2014-12-31 19:45 - 00602112 _____ (OldTimer Tools) C:\Users\Mishjaimi\Downloads\OTL (2).exe
2014-12-31 19:39 - 2014-12-31 19:39 - 00602112 _____ (OldTimer Tools) C:\Users\Mishjaimi\Downloads\OTL (1).exe
2014-12-31 05:07 - 2014-12-31 05:07 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-31 05:07 - 2014-12-31 05:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-31 03:35 - 2014-12-31 03:35 - 00000000 ____D () C:\Program Files\Anvisoft
2014-12-31 01:57 - 2014-12-31 01:57 - 00000000 ____D () C:\Users\Mishjaimi\Desktop\Old Firefox Data
2014-12-28 22:19 - 2014-12-28 22:19 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Hatoful Boyfriend.url
2014-12-28 20:56 - 2014-12-28 21:08 - 66731271 _____ () C:\Users\Mishjaimi\Downloads\holiwin_eg.zip
2014-12-28 19:42 - 2014-12-28 19:42 - 00008791 _____ () C:\Users\Mishjaimi\.recently-used.xbel
2014-12-27 19:26 - 2014-12-27 19:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-27 19:11 - 2014-12-27 19:11 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Krita Gemini Demo.url
2014-12-27 10:55 - 2014-12-27 10:55 - 00000000 __SHD () C:\found.006
2014-12-27 05:26 - 2014-12-27 05:26 - 00001190 _____ () C:\Users\Public\Desktop\Dandelion - Wishes brought to you - Demo.lnk
2014-12-27 05:26 - 2014-12-27 05:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dandelion - Wishes brought to you - Demo
2014-12-27 05:26 - 2014-12-27 05:26 - 00000000 ____D () C:\Program Files\Dandelion - Wishes brought to you - Demo
2014-12-27 05:20 - 2014-12-27 05:23 - 260119373 _____ (Cheritz ) C:\Users\Mishjaimi\Downloads\DandelionDemoEnglishInstaller_v1.92u.exe
2014-12-27 04:17 - 2014-12-27 04:17 - 00000866 _____ () C:\Users\Public\Desktop\Nameless Demo.lnk
2014-12-27 04:17 - 2014-12-27 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nameless Demo
2014-12-27 04:15 - 2014-12-27 04:15 - 00000000 ____D () C:\Program Files\Nameless Demo
2014-12-27 04:06 - 2014-12-27 04:09 - 351139568 _____ (Cheritz ) C:\Users\Mishjaimi\Downloads\NamelessEnglishDemo_Windows_10_31.exe
2014-12-26 14:40 - 2014-12-26 14:40 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Freedom Planet Demo.url
2014-12-26 01:49 - 2014-12-26 01:49 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Cherry Tree High Comedy Club Demo.url
2014-12-26 00:13 - 2014-12-25 19:57 - 00012005 _____ () C:\Users\Mishjaimi\AppData\Roaming\alsoft.ini
2014-12-25 21:49 - 2014-12-28 20:38 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Roaming\FEZ
2014-12-25 21:49 - 2014-12-25 21:49 - 00444952 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-12-25 21:49 - 2014-12-25 21:49 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-12-25 21:49 - 2014-12-25 21:49 - 00000000 ____D () C:\Program Files\OpenAL
2014-12-25 19:57 - 2014-12-25 19:57 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\FEZ.url
2014-12-25 19:25 - 2014-12-25 19:25 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Floating Point.url
2014-12-22 00:31 - 2014-12-22 00:31 - 00000000 ____D () C:\ProgramData\1803528019
2014-12-21 21:44 - 2014-12-21 21:44 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-12-21 21:42 - 2014-12-22 00:22 - 00019384 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-12-21 21:37 - 2014-12-21 21:38 - 00731856 _____ (?? 2014 ClientConnect Ltd.) C:\Users\Mishjaimi\Downloads\Royal_Defense_TSV4FOVIM.exe
2014-12-19 03:16 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-19 03:16 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-19 03:16 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-19 02:52 - 2014-12-28 22:19 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-19 02:52 - 2014-12-19 02:52 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Sonic Adventure 2.url
2014-12-16 06:24 - 2014-12-16 06:27 - 00008047 _____ () C:\Users\Mishjaimi\Downloads\Pulse_Prototype_Windows-ZIPReader.log
2014-12-16 06:24 - 2014-12-16 06:27 - 00000000 ____D () C:\Users\Mishjaimi\Downloads\Pulse_Prototype_Windows
2014-12-16 04:49 - 2014-12-16 06:23 - 562850311 _____ () C:\Users\Mishjaimi\Downloads\Pulse_Prototype_Windows.zip
2014-12-12 22:02 - 2014-12-12 22:02 - 00001610 _____ () C:\Users\Mishjaimi\Downloads\sonic-remixed-ZIPReader.log
2014-12-12 22:02 - 2014-12-12 22:02 - 00000000 ____D () C:\Users\Mishjaimi\Downloads\sonic-remixed
2014-12-12 22:00 - 2014-12-12 22:01 - 17411998 _____ () C:\Users\Mishjaimi\Downloads\sonic-remixed.zip
2014-12-11 02:07 - 2014-12-11 02:07 - 00200504 _____ () C:\Windows\Minidump\Mini121114-01.dmp
2014-12-11 00:55 - 2014-12-11 00:57 - 970150285 _____ () C:\Users\Mishjaimi\Downloads\Unconfirmed 273219.crdownload
2014-12-10 03:06 - 2014-11-06 17:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 03:06 - 2014-11-03 16:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 03:02 - 2014-12-02 18:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-09 14:03 - 2014-11-24 12:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 14:03 - 2014-11-24 12:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 14:03 - 2014-11-24 12:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 14:03 - 2014-11-24 12:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 14:03 - 2014-11-24 12:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 14:03 - 2014-11-24 12:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 14:03 - 2014-11-24 12:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 14:03 - 2014-11-24 12:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 14:03 - 2014-11-24 12:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 14:03 - 2014-11-24 12:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 14:03 - 2014-11-24 12:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 14:03 - 2014-11-24 12:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 14:03 - 2014-11-24 12:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 14:03 - 2014-11-24 12:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 14:03 - 2014-11-24 12:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 14:03 - 2014-11-24 12:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 21:46 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 21:46 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 21:39 - 2013-03-10 10:31 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 21:08 - 2013-12-04 10:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 20:26 - 2013-03-02 20:30 - 01745756 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 20:22 - 2014-04-25 07:45 - 00000000 ___RD () C:\Users\Mishjaimi\Google Drive
2014-12-31 20:20 - 2013-03-10 10:31 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 20:20 - 2007-06-04 12:28 - 00000000 ____D () C:\Windows\SMINST
2014-12-31 20:20 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 20:19 - 2013-03-07 03:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-31 20:19 - 2013-03-07 03:56 - 00149962 _____ () C:\Windows\PFRO.log
2014-12-31 20:11 - 2006-11-02 05:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-31 05:07 - 2013-03-10 10:31 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Local\Google
2014-12-31 05:07 - 2013-03-10 10:31 - 00000000 ____D () C:\Program Files\Google
2014-12-31 03:51 - 2013-03-03 11:42 - 00000000 ____D () C:\Users\Mishjaimi
2014-12-31 03:50 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-12-31 03:50 - 2006-11-02 02:22 - 53477376 _____ () C:\Windows\system32\config\software_previous
2014-12-31 03:50 - 2006-11-02 02:22 - 44302336 _____ () C:\Windows\system32\config\components_previous
2014-12-31 03:50 - 2006-11-02 02:22 - 20185088 _____ () C:\Windows\system32\config\system_previous
2014-12-31 03:50 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-12-31 03:50 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-12-31 03:50 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-12-31 03:49 - 2014-11-11 13:16 - 00000000 ____D () C:\Program Files\Steam
2014-12-31 03:49 - 2014-02-16 23:48 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Local\Akamai
2014-12-31 03:49 - 2014-02-14 15:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-31 03:49 - 2014-01-10 12:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-31 03:49 - 2013-12-04 10:37 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-31 03:49 - 2007-06-04 11:59 - 00000000 ___HD () C:\Users\IUSR_NMPR
2014-12-31 03:49 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system32\spool
2014-12-31 03:49 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
2014-12-31 01:44 - 2013-04-29 15:01 - 00000000 ____D () C:\Windows\Minidump
2014-12-31 00:41 - 2014-02-23 22:59 - 00000000 ____D () C:\temp
2014-12-27 19:32 - 2014-09-17 21:01 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Roaming\krita
2014-12-27 05:27 - 2014-01-19 14:00 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Roaming\RenPy
2014-12-27 04:20 - 2013-03-04 11:37 - 00001356 _____ () C:\Users\Mishjaimi\AppData\Local\d3d9caps.dat
2014-12-25 22:25 - 2013-08-07 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-25 14:40 - 2014-11-11 13:16 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-12-25 11:59 - 2014-04-18 13:35 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Roaming\gtk-2.0
2014-12-22 00:38 - 2007-06-04 11:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-22 00:32 - 2007-06-04 11:58 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-12-17 13:25 - 2006-11-02 02:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 15:37 - 2014-02-17 23:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 03:04 - 2014-02-17 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-11 02:06 - 2014-02-12 12:02 - 203337518 _____ () C:\Windows\MEMORY.DMP
2014-12-10 03:41 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:07 - 2007-06-04 12:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
 
Files to move or delete:
====================
C:\Users\Mishjaimi\jagex_cl_oldschool_LIVE.dat
C:\Users\Mishjaimi\jagex_cl_runescape_LIVE.dat
C:\Users\Mishjaimi\jagex_cl_runescape_LIVE1.dat
C:\Users\Mishjaimi\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Mishjaimi\AppData\Local\Temp\7zip.exe
C:\Users\Mishjaimi\AppData\Local\Temp\aacdec.exe
C:\Users\Mishjaimi\AppData\Local\Temp\aacenc.exe
C:\Users\Mishjaimi\AppData\Local\Temp\advapi32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ANPDApi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\dnsapi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Mishjaimi\AppData\Local\Temp\gdi32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\htmlayout.dll
C:\Users\Mishjaimi\AppData\Local\Temp\imm32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\iPodVoiceOverSetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\kernel32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\lpk.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ly.exe
C:\Users\Mishjaimi\AppData\Local\Temp\mpsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\msctf.dll
C:\Users\Mishjaimi\AppData\Local\Temp\msvcrt.dll
C:\Users\Mishjaimi\AppData\Local\Temp\nsi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ntdll.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ole32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\optprosetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\Quarantine.exe
C:\Users\Mishjaimi\AppData\Local\Temp\recycle.exe
C:\Users\Mishjaimi\AppData\Local\Temp\rpcrt4.dll
C:\Users\Mishjaimi\AppData\Local\Temp\rsaenh.dll
C:\Users\Mishjaimi\AppData\Local\Temp\secur32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\Setup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\shell32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\shlwapi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\SLC.dll
C:\Users\Mishjaimi\AppData\Local\Temp\sqlite3.dll
C:\Users\Mishjaimi\AppData\Local\Temp\switchsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\SymLCSVC.EXE
C:\Users\Mishjaimi\AppData\Local\Temp\tbKeyB.dll
C:\Users\Mishjaimi\AppData\Local\Temp\tbMixi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\tnsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\uninstall28838766.exe
C:\Users\Mishjaimi\AppData\Local\Temp\uninstall28838781.exe
C:\Users\Mishjaimi\AppData\Local\Temp\user32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\userenv.dll
C:\Users\Mishjaimi\AppData\Local\Temp\usp10.dll
C:\Users\Mishjaimi\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Mishjaimi\AppData\Local\Temp\ws2_32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\zipsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\_isBC24.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-31 20:28
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-12-2014
Ran by Mishjaimi at 2014-12-31 21:49:34
Running from C:\Users\Mishjaimi\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\uTorrent) (Version: 3.4.2.31893 - BitTorrent Inc.)
ACE Online (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\{A84EF2EA-FA7E-495C-9581-933496C9B9E9}}_is1) (Version:  - Suba Games)
ActiveState Komodo Edit 8.5.3 (HKLM\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.3 - ActiveState Software Inc.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
Advanced Fix 2014 version 2.1.3.85 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.1.3.85 - Advanced Fix, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.4-6 - Wacom Technology Corp.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Cherry Tree High Comedy Club Demo (HKLM\...\Steam App 223890) (Version:  - 773)
CLIP STUDIO PAINT (HKLM\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.2.7 - CELSYS)
CopyTrans Suite (HKLM\...\CopyTrans Suite) (Version:  - )
Dandelion - Wishes brought to you - Demo version 1.92 (HKLM\...\{795EAB32-6331-420A-A57B-AAA3FC14ED0E}_is1) (Version: 1.92 - Cheritz)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Express Zip (HKLM\...\ExpressZip) (Version: 2.28 - NCH Software)
FEZ (HKLM\...\Steam App 224760) (Version:  - Polytron Corporation)
Five Nights at Freddy's DEMO (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Five Nights at Freddy's DEMO) (Version:  - )
Floating Point (HKLM\...\Steam App 302380) (Version:  - Suspicious Developments)
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Freedom Planet Demo (HKLM\...\Steam App 311950) (Version:  - GalaxyTrail)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4424.15 - PC-Doctor, Inc.)
Hatoful Boyfriend (HKLM\...\Steam App 310080) (Version:  - Mediatonic)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2264 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2269 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{C75A8117-BC46-4236-9AB8-5955DBA18A09}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
HP Total Care Advisor (HKLM\...\{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}) (Version: 1.1.17 - Hewlett-Packard)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.005 - Hewlett-Packard)
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.28.01 - Hyperionics Technology LLC)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® Viiv™ Software (HKLM\...\Intel® Configuration Center) (Version: 1.6.361.6 - Intel Corporation)
iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
join.me (HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\JoinMe) (Version: 1.9.0.133 - LogMeIn, Inc.)
join.me (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\JoinMe) (Version: 1.9.0.133 - LogMeIn, Inc.)
JTablet (HKLM\...\JTablet) (Version:  - )
Krita Desktop (x86) "2.8.3.0" (HKLM\...\{97C8B983-5F54-4FB9-AF90-D10A22CD5A17}) (Version: 2.8.3.0 - KO GmbH)
Krita Gemini Demo (HKLM\...\Steam App 289970) (Version:  - KO GmbH)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LINE (HKLM\...\LINE) (Version: 3.5.3.23 - LINE Corporation)
Lucent Heart EN (HKLM\...\{3C05F539-3641-4ED1-B88F-DEA9DAD620E3}) (Version: 7.02.0700 - Suba Games)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
MediaDrug (HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9) (Version: 1.5 - MediaDrug)
MediaDrug (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9) (Version: 1.5 - MediaDrug)
MediaHuman YouTube to MP3 Converter version 3.5.2 (HKLM\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.5.2 - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MixPad (HKLM\...\MixPad) (Version: 3.39 - NCH Software)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1701 - WildTangent)
MyPaint 0.9.0 (HKLM\...\MyPaint) (Version: 0.9.0 - Martin Renold & MyPaint Development Team)
Nameless Demo version 1.1 (HKLM\...\{60E0B16F-DEA2-4811-BBEF-6888525A0E2A}_is1) (Version: 1.1 - Cheritz)
NCH Tone Generator (HKLM\...\ToneGen) (Version: 3.07 - NCH Software)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9621 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PowerPaint 2.50 (HKLM\...\PowerPaint_is1) (Version:  - FLISoft)
PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5377 - Realtek Semiconductor Corp.)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.559 - Roxio)
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
ScreenShot V1.1.0.0 (HKLM\...\{1BBEB0C2-B5F6-4B8E-A4EA-1B13C45FCE7D}) (Version: 1.1.0 - MichaelFontana)
Snapfish Media Detector (HKLM\...\{4EF6FDB0-3B11-4820-9860-8E08E9965195}) (Version: 1.7.0.15 - HP Snapfish)
SnowFox iPad Video Converter 3.3.1.0 (HKLM\...\SnowFox iPad Video Converter_is1) (Version:  - )
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Sonic Adventure™ 2  (HKLM\...\Steam App 213610) (Version:  - SEGA)
Stairs - The Game (HKLM\...\UDK-384a8f75-8fdc-4db2-a492-3f9a1bfef2e3) (Version:  - Epic Games, Inc.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
Unity Web Player (HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WavePad Sound Editor (HKLM\...\WavePad) (Version: 5.55 - NCH Software)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.7 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.5 - Wacom Technology Corp.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2204486101-728493013-4280112839-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Mishjaimi\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2204486101-728493013-4280112839-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Mishjaimi\Downloads\lullatone+-+splitting+a+banana+split+(M.+Kokosova) - [MP3Juices.com].exe (The Is)
CustomCLSID: HKU\S-1-5-21-2204486101-728493013-4280112839-1002_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\UpdatusUser\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx No File
CustomCLSID: HKU\S-1-5-21-2204486101-728493013-4280112839-1002_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\UpdatusUser\Downloads\lullatone+-+splitting+a+banana+split+(M.+Kokosova) - [MP3Juices.com]. (the data entry has 11 more characters).
 
==================== Restore Points  =========================
 
17-12-2014 19:05:15 Windows Update
19-12-2014 03:12:55 Installed DirectX
20-12-2014 00:43:34 Scheduled Checkpoint
21-12-2014 13:13:15 Scheduled Checkpoint
21-12-2014 13:23:09 Windows Update
22-12-2014 08:20:24 Scheduled Checkpoint
23-12-2014 09:36:40 Scheduled Checkpoint
24-12-2014 11:45:44 Scheduled Checkpoint
24-12-2014 15:51:38 Windows Update
25-12-2014 21:47:18 Installed DirectX
25-12-2014 22:24:51 Windows Update
26-12-2014 18:33:49 Scheduled Checkpoint
27-12-2014 18:10:54 Scheduled Checkpoint
27-12-2014 19:26:05 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
28-12-2014 02:50:57 Windows Update
28-12-2014 19:36:53 Scheduled Checkpoint
29-12-2014 08:41:21 Scheduled Checkpoint
31-12-2014 01:20:59 Restore Operation
31-12-2014 03:35:26 Windows Update
31-12-2014 03:42:51 Restore Operation
31-12-2014 04:05:57 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 02:23 - 2006-09-18 13:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2E4F5818-2E10-444B-BE2F-7DF92BB0379A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: {49675659-946D-41B2-AED6-9D528B576CE4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {899B898E-9DA3-4CB8-9316-2F475C17BDFE} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-18] (Microsoft Corporation)
Task: {90ADC938-7245-417D-9E61-F3D619ABE51A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: {967CDA5D-218C-47D9-9821-92BB157CB6A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-12] (Adobe Systems Incorporated)
Task: {AEFDD31F-6684-4D88-9B2D-506C27DEC569} - System32\Tasks\AllmyappsUpdateTask => c:\users\mishjaimi\appdata\roaming\allmyapps\allmyappsupdater.exe
Task: {B4994A59-1BA5-4F3F-8426-29914A47B3EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DBD9B7B2-5A71-4B26-B01C-E30737695F68} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-07 16:53 - 2010-10-21 08:38 - 00962416 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-31 20:22 - 2014-12-31 20:22 - 00098816 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32api.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00110080 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\pywintypes27.dll
2014-12-31 20:21 - 2014-12-31 20:21 - 00364544 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\pythoncom27.dll
2014-12-31 20:22 - 2014-12-31 20:22 - 00045568 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\_socket.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 01160704 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\_ssl.pyd
2014-12-31 20:21 - 2014-12-31 20:21 - 00320512 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32com.shell.shell.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00713216 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\_hashlib.pyd
2014-12-31 20:21 - 2014-12-31 20:21 - 01175040 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\wx._core_.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00805888 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\wx._gdi_.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00811008 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\wx._windows_.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 01062400 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\wx._controls_.pyd
2014-12-31 20:21 - 2014-12-31 20:21 - 00735232 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\wx._misc_.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00128512 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\_elementtree.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00127488 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\pyexpat.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00557056 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\pysqlite2._sqlite.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00087552 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\_ctypes.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00119808 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32file.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00108544 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32security.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00007168 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\hashobjs_ext.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00167936 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32gui.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00018432 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32event.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00038912 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32inet.pyd
2014-12-31 20:21 - 2014-12-31 20:21 - 00011264 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32crypt.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00070656 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\wx._html2.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00027136 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\_multiprocessing.pyd
2014-12-31 20:20 - 2014-12-31 20:20 - 00035840 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32process.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00686080 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\unicodedata.pyd
2014-12-31 20:21 - 2014-12-31 20:21 - 00122368 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\wx._wizard.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00024064 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32pipe.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00025600 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32pdh.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00525640 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\windows._lib_cacheinvalidation.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00010240 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\select.pyd
2014-12-31 20:22 - 2014-12-31 20:22 - 00017408 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32profile.pyd
2014-12-31 20:21 - 2014-12-31 20:21 - 00022528 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\win32ts.pyd
2014-12-31 20:21 - 2014-12-31 20:21 - 00078336 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI39322\wx._animate.pyd
2014-05-22 00:08 - 2014-05-22 00:08 - 04125696 ____H () c:\ProgramData\1803528019\BIT1738.tmp
2014-12-31 05:07 - 2014-12-05 17:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-31 05:07 - 2014-12-05 17:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-31 05:07 - 2014-12-05 17:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\96猫 & コゲ犬 - 96neko & Kogeinu ~ アカツキアライヴァル - Akatsuki Arrival   MP3 (HD).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\Hungary- Hatafutte Parade [Full song with lyrics].mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\Simple and Clean (Music box version).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\Tales of Symphonia - Crazy Trading Town.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\The Scallop Dance (Tales of Legendia, Voice of Character Quest vol.2).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\_____ [8bit].mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\山崎まさよし - Romancing SaGa -Minstrel Song- Original Sound Track [Disc 3] - 14 - メヌエット (Ending Edit).mp3:TOC.WMV
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: DQLWinService => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IntelDHSvcConf => 2
MSCONFIG\Services: ISSM => 3
MSCONFIG\Services: M1 Server => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: RoxMediaDB9 => 3
MSCONFIG\Services: stllssvr => 3
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2204486101-728493013-4280112839-500 - Administrator - Disabled)
Guest (S-1-5-21-2204486101-728493013-4280112839-501 - Limited - Disabled)
IUSR_NMPR (S-1-5-21-2204486101-728493013-4280112839-1000 - Limited - Enabled) => C:\Users\IUSR_NMPR
Mishjaimi (S-1-5-21-2204486101-728493013-4280112839-1001 - Administrator - Enabled) => C:\Users\Mishjaimi
UpdatusUser (S-1-5-21-2204486101-728493013-4280112839-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (12/31/2014 09:23:17 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E4972E03-A427-44BE-805D-7D4D54A70CC8}.
The backup browser is stopping.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-16 23:03:07.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-16 23:03:07.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-16 23:03:07.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-16 23:03:07.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-16 23:03:07.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-16 23:03:07.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-16 23:03:06.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-16 23:03:06.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-16 23:03:06.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-16 23:03:06.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 2045.77 MB
Available physical RAM: 758.81 MB
Total Pagefile: 4340.55 MB
Available Pagefile: 2704.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.61 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:363.68 GB) (Free:191.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:8.92 GB) (Free:1.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 372.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=363.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Running from C:\Users\Mishjaimi\Downloads

Farbar recovery scanner needs to be on the desktop or it will not work.

To move it to the desktop:

Navigate to your downloads folder--> C:\Users\Mishjaimi\Downloads

Open the downloads folder, find FRST, right click on it, choose cut.

Go to the desktop, right click on an empty space, and choose paste.

You will have successfully moved FRST to the desktop.

Tell me when that exercise is completed.

Joe

#7
frustratedidiot

    Member

  • Topic Starter
  • 17 posts

Oh! Oops, sorry about that. I've finished moving FRST to the desktop.



#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
OK,

I need time to look over the logs, and will not be back until tomorrow.

In the meantime, could you do a Malwarebytes scan next, and run TFC? Instructions to follow:

Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop

Post that log.

You can also get the Malwarebytes log as described below:
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
Next

Clean out your temporary internet files and temp files.

Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Post the:

Malwarebytes log in your next reply.

Joe

#9
frustratedidiot

    Member

  • Topic Starter
  • 17 posts
Thank you for taking the time to help :)
Here is the Malwarebytes log.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 31/12/2014
Scan Time: 11:10:56 PM
Logfile: MBAM Scan Log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.01.01
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Mishjaimi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 434681
Time Elapsed: 28 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 15
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, No Action By User, [f20f1f4a6d0f2610be1ca33952b00000], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, No Action By User, [fc053d2c6e0ee1555fc5f1edda281be5], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, No Action By User, [fc053d2c6e0ee1555fc5f1edda281be5], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, No Action By User, [5da482e7bdbf38fedf7d9ec99271c23e], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, No Action By User, [f40d9ccdbbc11a1c180321ae8381f60a], 
PUP.Optional.Feven.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.7, No Action By User, [31d03336eb912c0a65e7049c7291659b], 
PUP.Optional.MixiDJToolbar.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MixiDJ_V8, No Action By User, [10f11257e5970036dad9f0af1be8ec14], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, No Action By User, [2bd6ed7c017ba98df7012b3ce221817f], 
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, No Action By User, [81808cdd522aba7cf290e58ae71c0af6], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, No Action By User, [55ac94d5b5c755e17ae291d6847f60a0], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, No Action By User, [5ba658114438c86e1efdf2dda064bc44], 
PUP.Optional.Feven.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.7, No Action By User, [41c0f475a4d8d1658bc1208027dc2ad6], 
PUP.Optional.MixiDJToolbar.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MixiDJ_V8, No Action By User, [19e86108592342f46b48f9a647bc867a], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, No Action By User, [2fd2ca9f403c58de46b22b3c7a89d828], 
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-2204486101-728493013-4280112839-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, No Action By User, [966b7aefe19b6acc5a28d09fea1952ae], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
Rogue.Multiple, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~2\180352~1\bit1738.tmp, Good: (), Bad: (c:\progra~2\180352~1\bit1738.tmp),Replaced,[10f15d0c611bb284a417190214ef4fb1]
 
Folders: 7
PUP.Optional.MixiDJToolbar.A, C:\Users\Mishjaimi\AppData\LocalLow\MixiDJ_V8, No Action By User, [827f60099ede2115661b79b56c9715eb], 
PUP.Optional.MixiDJToolbar.A, C:\Users\Mishjaimi\AppData\LocalLow\MixiDJ_V8\Repository, No Action By User, [827f60099ede2115661b79b56c9715eb], 
PUP.Optional.MixiDJToolbar.A, C:\Users\Mishjaimi\AppData\LocalLow\MixiDJ_V8\Repository\conduit_CT3287822_CT3287822, No Action By User, [827f60099ede2115661b79b56c9715eb], 
PUP.Optional.MixiDJToolbar.A, C:\Users\Mishjaimi\AppData\LocalLow\MixiDJ_V8\Repository\conduit_CT3287822_CT3287822\AppsMetaData, No Action By User, [827f60099ede2115661b79b56c9715eb], 
PUP.Optional.MixiDJToolbar.A, C:\Users\Mishjaimi\AppData\LocalLow\MixiDJ_V8\Repository\conduit_CT3287822_CT3287822\ToolbarHiddenSettings, No Action By User, [827f60099ede2115661b79b56c9715eb], 
PUP.Optional.MixiDJToolbar.A, C:\Users\Mishjaimi\AppData\LocalLow\MixiDJ_V8\Repository\conduit_CT3287822_CT3287822\ToolbarSettings, No Action By User, [827f60099ede2115661b79b56c9715eb], 
Rogue.Multiple, C:\ProgramData\1803528019, Delete-on-Reboot, [10f15d0c611bb284a417190214ef4fb1], 
 
Files: 23
PUP.Optional.Multiplug, C:\Users\Mishjaimi\Downloads\lullatone+-+splitting+a+banana+split+(M.+Kokosova) - [MP3Juices.com].exe, No Action By User, [f20f1f4a6d0f2610be1ca33952b00000], 
PUP.Optional.OpenCandy, C:\Users\Mishjaimi\Desktop\InstallFreeRARExtractFrog.exe, No Action By User, [7b8642275923fe385d5bb7f3aa5b2fd1], 
PUP.Optional.MyPCBackup.A, C:\Users\Mishjaimi\AppData\Local\Temp\BackupSetup.exe, No Action By User, [e71a03669ae2979fb649a2428081d12f], 
PUP.Optional.MultiPlug, C:\Users\Mishjaimi\AppData\Local\Temp\s1s8\temp\setupbc.exe, No Action By User, [f40d99d08eee9e983c8395321fe2c33d], 
PUP.Optional.MultiPlug, C:\Users\Mishjaimi\AppData\Local\Temp\s1s8\temp\setupsm.exe, No Action By User, [dd2499d0463688ae457addea679ac63a], 
PUP.Optional.MultiPlug, C:\Users\Mishjaimi\AppData\Local\Temp\s1s8\temp\setupytb.exe, No Action By User, [e61b0069daa2ad89fbc46c5bd22ffb05], 
PUP.Optional.Booster.A, C:\Users\Mishjaimi\AppData\Local\Temp\s1s8\temp\usetup.exe, No Action By User, [32cf5811e09cc86e37d55e67b15121df], 
PUP.Optional.ClientConnect, C:\Users\Mishjaimi\Downloads\Royal_Defense_TSV4FOVIM.exe, No Action By User, [748d5e0be29a8ea896edd7e82bd6d12f], 
PUP.Optional.Softonic.A, C:\Users\Mishjaimi\Downloads\SoftonicDownloader_for_free-rar-extract-frog.exe, No Action By User, [06fb6603106cb6802dba192659a8629e], 
PUP.Optional.Downloader, C:\Users\Mishjaimi\Downloads\Twenty_One_Pilots_-_Guns_for_Hands_downloader (1).exe, No Action By User, [07fa1653bfbd49edcf5ca931659c12ee], 
PUP.Optional.Downloader, C:\Users\Mishjaimi\Downloads\Twenty_One_Pilots_-_Guns_for_Hands_downloader.exe, No Action By User, [de238adf5a22132379b2796132cfcc34], 
PUP.Optional.DomaIQ, C:\Users\Mishjaimi\Downloads\FastPlayerPro.exe, No Action By User, [36cb1c4d8cf078bed82fd7855ba5d42c], 
PUP.Optional.Softonic.A, C:\Users\Mishjaimi\Downloads\SoftonicDownloader_for_line (1).exe, No Action By User, [9b665217700cf34346a1df6027da07f9], 
PUP.Optional.Softonic.A, C:\Users\Mishjaimi\Downloads\SoftonicDownloader_for_line (2).exe, No Action By User, [9d646aff601c989eeff8a7983ac7ad53], 
PUP.Optional.Softonic.A, C:\Users\Mishjaimi\Downloads\SoftonicDownloader_for_line.exe, No Action By User, [33ceee7bacd0ee48c621132cdf2235cb], 
PUP.Optional.Softonic.A, C:\Users\Mishjaimi\Downloads\SoftonicDownloader_for_mypaint.exe, No Action By User, [44bdf079f38939fd7c6b320d36cbae52], 
PUP.Optional.MixiDJToolbar.A, C:\Users\Mishjaimi\AppData\LocalLow\MixiDJ_V8\Repository\conduit_CT3287822_CT3287822\AppsMetaData\data.bck.txt, No Action By User, [827f60099ede2115661b79b56c9715eb], 
PUP.Optional.MixiDJToolbar.A, C:\Users\Mishjaimi\AppData\LocalLow\MixiDJ_V8\Repository\conduit_CT3287822_CT3287822\AppsMetaData\data.txt, No Action By User, [827f60099ede2115661b79b56c9715eb], 
PUP.Optional.MixiDJToolbar.A, C:\Users\Mishjaimi\AppData\LocalLow\MixiDJ_V8\Repository\conduit_CT3287822_CT3287822\ToolbarHiddenSettings\data.txt, No Action By User, [827f60099ede2115661b79b56c9715eb], 
PUP.Optional.MixiDJToolbar.A, C:\Users\Mishjaimi\AppData\LocalLow\MixiDJ_V8\Repository\conduit_CT3287822_CT3287822\ToolbarSettings\data.bck.txt, No Action By User, [827f60099ede2115661b79b56c9715eb], 
PUP.Optional.MixiDJToolbar.A, C:\Users\Mishjaimi\AppData\LocalLow\MixiDJ_V8\Repository\conduit_CT3287822_CT3287822\ToolbarSettings\data.txt, No Action By User, [827f60099ede2115661b79b56c9715eb], 
Trojan.SProtector, C:\Users\Mishjaimi\AppData\Local\Temp\s1s8\temp\putfu.exe, Quarantined, [43be21480775d75fdf17fe71e21fde22], 
Rogue.Multiple, C:\ProgramData\1803528019\BIT1738.tmp, Delete-on-Reboot, [10f15d0c611bb284a417190214ef4fb1], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

RE:
Malwarebytes

No Action By User!

If you want to delete this adware, you need to take action.

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

Thanks
Joe :)
  • 0


#11
frustratedidiot

frustratedidiot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

I deleted the bugs that were in Quarantine and did another scan with MBAM. I then applied and restarted.

 

It seems like things are okay now! Are there any other steps I should take?

 

Thank you very much  :spoton:


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Yes, there will be more to do; stick around till I say you're clean. I'll be with you as soon as possible.

Thanks
Joe :)
  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro 3.16\OptProLauncher.exe
AppInit_DLLs: c:\progra~2\180352~1\bit1738.tmp => c:\ProgramData\1803528019\BIT1738.tmp [4125696 2014-05-22] ()
c:\ProgramData\1803528019\BIT1738.tmp [4125696 2014-05-22] ()
C:\Program Files\Optimizer Pro 3.16\OptProLauncher.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1001 -> {76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} URL = http://ca.search.yah...ing}&fr=hp-pvdt 
SearchScopes: HKLM -> {76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {8CBE3FF8-BC71-4515-AC21-4B5338A96073} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {9227DF63-238D-48B7-AFFA-90916A8D4255} URL = http://search.live.c...#38;FORM=HVDCS7
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {CDF4930C-047B-4EFB-AA5C-49607F14FAA2} URL = http://websearch.ask...C7-A8E8B8D6C78B
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {D556EF7B-7F43-40AB-87C8-7E502485111F} URL = http://search.condui...2492166020&UM=2
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslf61a92fa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{17EDA5B7-9433-46F6-AB4A-55E83015E5C7}\MpKslf61a92fa.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-12-31 20:17 - 2014-12-31 20:17 - 00000000 __SHD () C:\found.007
2014-12-27 10:55 - 2014-12-27 10:55 - 00000000 __SHD () C:\found.006
2014-12-11 00:55 - 2014-12-11 00:57 - 970150285 _____ () C:\Users\Mishjaimi\Downloads\Unconfirmed 273219.crdownload
2014-12-31 00:41 - 2014-02-23 22:59 - 00000000 ____D () C:\temp
C:\Users\Mishjaimi\jagex_cl_oldschool_LIVE.dat
C:\Users\Mishjaimi\jagex_cl_runescape_LIVE.dat
C:\Users\Mishjaimi\jagex_cl_runescape_LIVE1.dat
C:\Users\Mishjaimi\random.dat
C:\Users\Mishjaimi\AppData\Local\Temp\7zip.exe
C:\Users\Mishjaimi\AppData\Local\Temp\aacdec.exe
C:\Users\Mishjaimi\AppData\Local\Temp\aacenc.exe
C:\Users\Mishjaimi\AppData\Local\Temp\advapi32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ANPDApi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\dnsapi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Mishjaimi\AppData\Local\Temp\gdi32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\htmlayout.dll
C:\Users\Mishjaimi\AppData\Local\Temp\imm32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\iPodVoiceOverSetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\kernel32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\lpk.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ly.exe
C:\Users\Mishjaimi\AppData\Local\Temp\mpsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\msctf.dll
C:\Users\Mishjaimi\AppData\Local\Temp\msvcrt.dll
C:\Users\Mishjaimi\AppData\Local\Temp\nsi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ntdll.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ole32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\optprosetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\Quarantine.exe
C:\Users\Mishjaimi\AppData\Local\Temp\recycle.exe
C:\Users\Mishjaimi\AppData\Local\Temp\rpcrt4.dll
C:\Users\Mishjaimi\AppData\Local\Temp\rsaenh.dll
C:\Users\Mishjaimi\AppData\Local\Temp\secur32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\Setup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\shell32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\shlwapi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\SLC.dll
C:\Users\Mishjaimi\AppData\Local\Temp\sqlite3.dll
C:\Users\Mishjaimi\AppData\Local\Temp\switchsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\SymLCSVC.EXE
C:\Users\Mishjaimi\AppData\Local\Temp\tbKeyB.dll
C:\Users\Mishjaimi\AppData\Local\Temp\tbMixi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\tnsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\uninstall28838766.exe
C:\Users\Mishjaimi\AppData\Local\Temp\uninstall28838781.exe
C:\Users\Mishjaimi\AppData\Local\Temp\user32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\userenv.dll
C:\Users\Mishjaimi\AppData\Local\Temp\usp10.dll
C:\Users\Mishjaimi\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Mishjaimi\AppData\Local\Temp\ws2_32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\zipsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\_isBC24.exe
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\96? &amp; ??? - 96neko &amp; Kogeinu ~ ?????????? - Akatsuki Arrival   MP3 (HD).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\Hungary- Hatafutte Parade [Full song with lyrics].mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\Simple and Clean (Music box version).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\Tales of Symphonia - Crazy Trading Town.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\The Scallop Dance (Tales of Legendia, Voice of Character Quest vol.2).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\_____ [8bit].mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\?????? - Romancing SaGa -Minstrel Song- Original Sound Track [Disc 3] - 14 - ????? (Ending Edit).mp3:TOC.WMV


CMD: ipconfig /flushdns
hosts:
Emptytemp:
reboot:
end

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (must be in this location).
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

In your next reply:

Post the Fixlog.txt
Post a fresh FRST scan.

Thanks
Joe :)
  • 0

#14
frustratedidiot

frustratedidiot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Oh! Alright then. I hope I did this right  :upset:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2014
Ran by Mishjaimi at 2015-01-01 14:48:01 Run:1
Running from C:\Users\Mishjaimi\Desktop
Loaded Profiles: Mishjaimi & UpdatusUser (Available profiles: IUSR_NMPR & Mishjaimi & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro 3.16\OptProLauncher.exe
AppInit_DLLs: c:\progra~2\180352~1\bit1738.tmp => c:\ProgramData\1803528019\BIT1738.tmp [4125696 2014-05-22] ()
c:\ProgramData\1803528019\BIT1738.tmp [4125696 2014-05-22] ()
C:\Program Files\Optimizer Pro 3.16\OptProLauncher.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1001 -> {76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} URL = http://ca.search.yah...ing}&fr=hp-pvdt 
SearchScopes: HKLM -> {76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {8CBE3FF8-BC71-4515-AC21-4B5338A96073} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {9227DF63-238D-48B7-AFFA-90916A8D4255} URL = http://search.live.c...#38;FORM=HVDCS7
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {CDF4930C-047B-4EFB-AA5C-49607F14FAA2} URL = http://websearch.ask...C7-A8E8B8D6C78B
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {D556EF7B-7F43-40AB-87C8-7E502485111F} URL = http://search.condui...2492166020&UM=2
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslf61a92fa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{17EDA5B7-9433-46F6-AB4A-55E83015E5C7}\MpKslf61a92fa.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-12-31 20:17 - 2014-12-31 20:17 - 00000000 __SHD () C:\found.007
2014-12-27 10:55 - 2014-12-27 10:55 - 00000000 __SHD () C:\found.006
2014-12-11 00:55 - 2014-12-11 00:57 - 970150285 _____ () C:\Users\Mishjaimi\Downloads\Unconfirmed 273219.crdownload
2014-12-31 00:41 - 2014-02-23 22:59 - 00000000 ____D () C:\temp
C:\Users\Mishjaimi\jagex_cl_oldschool_LIVE.dat
C:\Users\Mishjaimi\jagex_cl_runescape_LIVE.dat
C:\Users\Mishjaimi\jagex_cl_runescape_LIVE1.dat
C:\Users\Mishjaimi\random.dat
C:\Users\Mishjaimi\AppData\Local\Temp\7zip.exe
C:\Users\Mishjaimi\AppData\Local\Temp\aacdec.exe
C:\Users\Mishjaimi\AppData\Local\Temp\aacenc.exe
C:\Users\Mishjaimi\AppData\Local\Temp\advapi32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ANPDApi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\dnsapi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Mishjaimi\AppData\Local\Temp\gdi32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\htmlayout.dll
C:\Users\Mishjaimi\AppData\Local\Temp\imm32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\iPodVoiceOverSetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mishjaimi\AppData\Local\Temp\kernel32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\lpk.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ly.exe
C:\Users\Mishjaimi\AppData\Local\Temp\mpsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\msctf.dll
C:\Users\Mishjaimi\AppData\Local\Temp\msvcrt.dll
C:\Users\Mishjaimi\AppData\Local\Temp\nsi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ntdll.dll
C:\Users\Mishjaimi\AppData\Local\Temp\ole32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\optprosetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\Quarantine.exe
C:\Users\Mishjaimi\AppData\Local\Temp\recycle.exe
C:\Users\Mishjaimi\AppData\Local\Temp\rpcrt4.dll
C:\Users\Mishjaimi\AppData\Local\Temp\rsaenh.dll
C:\Users\Mishjaimi\AppData\Local\Temp\secur32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\Setup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\shell32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\shlwapi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\SLC.dll
C:\Users\Mishjaimi\AppData\Local\Temp\sqlite3.dll
C:\Users\Mishjaimi\AppData\Local\Temp\switchsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\SymLCSVC.EXE
C:\Users\Mishjaimi\AppData\Local\Temp\tbKeyB.dll
C:\Users\Mishjaimi\AppData\Local\Temp\tbMixi.dll
C:\Users\Mishjaimi\AppData\Local\Temp\tnsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\uninstall28838766.exe
C:\Users\Mishjaimi\AppData\Local\Temp\uninstall28838781.exe
C:\Users\Mishjaimi\AppData\Local\Temp\user32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\userenv.dll
C:\Users\Mishjaimi\AppData\Local\Temp\usp10.dll
C:\Users\Mishjaimi\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Mishjaimi\AppData\Local\Temp\ws2_32.dll
C:\Users\Mishjaimi\AppData\Local\Temp\zipsetup.exe
C:\Users\Mishjaimi\AppData\Local\Temp\_isBC24.exe
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\96? &amp; ??? - 96neko &amp; Kogeinu ~ ?????????? - Akatsuki Arrival   MP3 (HD).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\Hungary- Hatafutte Parade [Full song with lyrics].mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\Simple and Clean (Music box version).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\Tales of Symphonia - Crazy Trading Town.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\The Scallop Dance (Tales of Legendia, Voice of Character Quest vol.2).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\_____ [8bit].mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\?????? - Romancing SaGa -Minstrel Song- Original Sound Track [Disc 3] - 14 - ????? (Ending Edit).mp3:TOC.WMV
 
 
CMD: ipconfig /flushdns
hosts:
Emptytemp:
reboot:
end
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value not found.
"c:\progra~2\180352~1\bit1738.tmp" => Value Data not found.
"c:\ProgramData\1803528019\BIT1738.tmp [4125696 2014-05-22] ()" => File/Directory not found.
"C:\Program Files\Optimizer Pro 3.16\OptProLauncher.exe" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2204486101-728493013-4280112839-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E}" => Key deleted successfully.
HKCR\CLSID\{76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E}" => Key deleted successfully.
HKCR\CLSID\{76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key deleted successfully.
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => Key not found. 
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CBE3FF8-BC71-4515-AC21-4B5338A96073} => Key not found. 
HKCR\CLSID\{8CBE3FF8-BC71-4515-AC21-4B5338A96073} => Key not found. 
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9227DF63-238D-48B7-AFFA-90916A8D4255} => Key not found. 
HKCR\CLSID\{9227DF63-238D-48B7-AFFA-90916A8D4255} => Key not found. 
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CDF4930C-047B-4EFB-AA5C-49607F14FAA2} => Key not found. 
HKCR\CLSID\{CDF4930C-047B-4EFB-AA5C-49607F14FAA2} => Key not found. 
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D556EF7B-7F43-40AB-87C8-7E502485111F} => Key not found. 
HKCR\CLSID\{D556EF7B-7F43-40AB-87C8-7E502485111F} => Key not found. 
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2204486101-728493013-4280112839-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
blbdrive => Service deleted successfully.
IpInIp => Service deleted successfully.
MpKslf61a92fa => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\found.007 => Moved successfully.
C:\found.006 => Moved successfully.
C:\Users\Mishjaimi\Downloads\Unconfirmed 273219.crdownload => Moved successfully.
C:\temp => Moved successfully.
C:\Users\Mishjaimi\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Mishjaimi\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Mishjaimi\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Mishjaimi\random.dat => Moved successfully.
"C:\Users\Mishjaimi\AppData\Local\Temp\7zip.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\aacdec.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\aacenc.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\advapi32.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\ANPDApi.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\BackupSetup.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\dnsapi.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\dxwebsetup.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\fp_pl_pfs_installer.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\gdi32.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\GoogleSetup.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\htmlayout.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\imm32.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\iPodVoiceOverSetup.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\kernel32.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\lpk.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\ly.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\mpsetup.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\msctf.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\msvcrt.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\nsi.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\ntdll.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\ole32.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\optprosetup.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\recycle.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\rpcrt4.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\rsaenh.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\secur32.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\Setup.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\shell32.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\shlwapi.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\SLC.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\switchsetup.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\SymLCSVC.EXE" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\tbKeyB.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\tbMixi.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\tnsetup.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\uninstall28838766.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\uninstall28838781.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\user32.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\userenv.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\usp10.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\vcredist_x86.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\ws2_32.dll" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\zipsetup.exe" => File/Directory not found.
"C:\Users\Mishjaimi\AppData\Local\Temp\_isBC24.exe" => File/Directory not found.
"C:\Users\Mishjaimi\Downloads\96? &amp; ??? - 96neko &amp; Kogeinu ~ ?????????? - Akatsuki Arrival   MP3 (HD).mp3" => ":TOC.WMV" ADS not found.
C:\Users\Mishjaimi\Downloads\Hungary- Hatafutte Parade [Full song with lyrics].mp3 => ":TOC.WMV" ADS removed successfully.
C:\Users\Mishjaimi\Downloads\Simple and Clean (Music box version).mp3 => ":TOC.WMV" ADS removed successfully.
C:\Users\Mishjaimi\Downloads\Tales of Symphonia - Crazy Trading Town.mp3 => ":TOC.WMV" ADS removed successfully.
C:\Users\Mishjaimi\Downloads\The Scallop Dance (Tales of Legendia, Voice of Character Quest vol.2).mp3 => ":TOC.WMV" ADS removed successfully.
C:\Users\Mishjaimi\Downloads\_____ [8bit].mp3 => ":TOC.WMV" ADS removed successfully.
"C:\Users\Mishjaimi\Downloads\?????? - Romancing SaGa -Minstrel Song- Original Sound Track [Disc 3] - 14 - ????? (Ending Edit).mp3" => ":TOC.WMV" ADS not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 365.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:50:09 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Mishjaimi (administrator) on MISHJAIMI-PC on 01-01-2015 15:12:03
Running from C:\Users\Mishjaimi\Desktop
Loaded Profiles: Mishjaimi & UpdatusUser (Available profiles: IUSR_NMPR & Mishjaimi & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Mishjaimi\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Akamai Technologies, Inc.) C:\Users\Mishjaimi\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-11-15] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)
HKLM\...\Run: [CCUTRAYICON] => FactoryMode
HKLM\...\Run: [SnapfishMediaDetector] => C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [1441792 2007-03-02] ()
HKLM\...\Run: [HP Software Update] => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-03-07] (soft thinks)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Mishjaimi\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\MountPoints2: {81e2efc4-8505-11e2-991d-001bfcdfd080} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1773568 2007-03-12] (Hewlett-Packard)
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Mishjaimi\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro 3.16\OptProLauncher.exe
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\RunOnce: [DependencyCheck] => Performed
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\MountPoints2: {81e2efc4-8505-11e2-991d-001bfcdfd080} - K:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
Startup: C:\Users\Mishjaimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series.lnk
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-2204486101-728493013-4280112839-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
HKU\S-1-5-21-2204486101-728493013-4280112839-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....minator=1_sp_ie
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {8CBE3FF8-BC71-4515-AC21-4B5338A96073} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {9227DF63-238D-48B7-AFFA-90916A8D4255} URL = http://search.live.c...#38;FORM=HVDCS7
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {CDF4930C-047B-4EFB-AA5C-49607F14FAA2} URL = http://websearch.ask...C7-A8E8B8D6C78B
SearchScopes: HKU\S-1-5-21-2204486101-728493013-4280112839-1002 -> {D556EF7B-7F43-40AB-87C8-7E502485111F} URL = http://search.condui...2492166020&UM=2
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.17 64.59.150.133
 
FireFox:
========
FF ProfilePath: C:\Users\Mishjaimi\AppData\Roaming\Mozilla\Firefox\Profiles\soj9uirm.default
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2629 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin HKU\S-1-5-21-2204486101-728493013-4280112839-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mishjaimi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2204486101-728493013-4280112839-1001: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-07]
FF Extension: No Name - C:\Users\Mishjaimi\AppData\Roaming\Mozilla\Firefox\Profiles\soj9uirm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [Not Found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Mishjaimi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mishjaimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-31]
CHR HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MISHJA~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-12-31]
CHR HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation) [File not signed]
S4 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] () [File not signed]
S4 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2006-11-15] (Intel Corporation) [File not signed]
S4 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation) [File not signed]
S4 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-08-31] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [354432 2007-01-14] (Hauppauge Computer Works, Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [849248 2010-04-29] (Ralink Technology Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 15:12 - 2015-01-01 15:12 - 00020006 _____ () C:\Users\Mishjaimi\Desktop\FRST.txt
2015-01-01 00:20 - 2015-01-01 00:20 - 00000796 _____ () C:\Users\Mishjaimi\Desktop\TFC.exe - Shortcut.lnk
2015-01-01 00:19 - 2015-01-01 00:19 - 00448512 _____ (OldTimer Tools) C:\Users\Mishjaimi\Desktop\TFC.exe
2015-01-01 00:14 - 2015-01-01 00:14 - 00000919 _____ () C:\Users\Mishjaimi\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-31 23:03 - 2015-01-01 14:55 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-31 23:03 - 2014-12-31 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-31 23:03 - 2014-12-31 23:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-31 23:03 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-31 23:03 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-31 23:01 - 2014-12-31 23:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mishjaimi\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-31 21:49 - 2014-12-31 21:51 - 00029492 _____ () C:\Users\Mishjaimi\Downloads\Addition.txt
2014-12-31 21:48 - 2014-12-31 21:51 - 00038224 _____ () C:\Users\Mishjaimi\Downloads\FRST.txt
2014-12-31 21:47 - 2015-01-01 15:12 - 00000000 ____D () C:\FRST
2014-12-31 21:46 - 2014-12-31 21:46 - 01114624 _____ (Farbar) C:\Users\Mishjaimi\Desktop\FRST.exe
2014-12-31 20:54 - 2014-12-31 20:54 - 00002112 _____ () C:\Users\Mishjaimi\Desktop\JRT.txt
2014-12-31 20:40 - 2014-12-31 20:40 - 00000000 ____D () C:\Windows\ERUNT
2014-12-31 20:38 - 2014-12-31 20:39 - 01707939 _____ (Thisisu) C:\Users\Mishjaimi\Downloads\JRT.exe
2014-12-31 20:22 - 2014-12-31 20:22 - 00016660 _____ () C:\Users\Mishjaimi\Downloads\AdwCleaner[S0].txt
2014-12-31 20:03 - 2014-12-31 20:10 - 00000000 ____D () C:\AdwCleaner
2014-12-31 20:02 - 2014-12-31 20:02 - 02173952 _____ () C:\Users\Mishjaimi\Downloads\adwcleaner_4.106.exe
2014-12-31 19:45 - 2014-12-31 19:45 - 00602112 _____ (OldTimer Tools) C:\Users\Mishjaimi\Downloads\OTL (2).exe
2014-12-31 19:39 - 2014-12-31 19:39 - 00602112 _____ (OldTimer Tools) C:\Users\Mishjaimi\Downloads\OTL (1).exe
2014-12-31 05:07 - 2014-12-31 05:07 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-31 05:07 - 2014-12-31 05:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-31 03:35 - 2014-12-31 03:35 - 00000000 ____D () C:\Program Files\Anvisoft
2014-12-31 01:57 - 2014-12-31 01:57 - 00000000 ____D () C:\Users\Mishjaimi\Desktop\Old Firefox Data
2014-12-28 22:19 - 2014-12-28 22:19 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Hatoful Boyfriend.url
2014-12-28 20:56 - 2014-12-28 21:08 - 66731271 _____ () C:\Users\Mishjaimi\Downloads\holiwin_eg.zip
2014-12-28 19:42 - 2014-12-28 19:42 - 00008791 _____ () C:\Users\Mishjaimi\.recently-used.xbel
2014-12-27 19:26 - 2014-12-27 19:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-27 19:11 - 2014-12-27 19:11 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Krita Gemini Demo.url
2014-12-27 05:26 - 2014-12-27 05:26 - 00001190 _____ () C:\Users\Public\Desktop\Dandelion - Wishes brought to you - Demo.lnk
2014-12-27 05:26 - 2014-12-27 05:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dandelion - Wishes brought to you - Demo
2014-12-27 05:26 - 2014-12-27 05:26 - 00000000 ____D () C:\Program Files\Dandelion - Wishes brought to you - Demo
2014-12-27 05:20 - 2014-12-27 05:23 - 260119373 _____ (Cheritz ) C:\Users\Mishjaimi\Downloads\DandelionDemoEnglishInstaller_v1.92u.exe
2014-12-27 04:17 - 2014-12-27 04:17 - 00000866 _____ () C:\Users\Public\Desktop\Nameless Demo.lnk
2014-12-27 04:17 - 2014-12-27 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nameless Demo
2014-12-27 04:15 - 2014-12-27 04:15 - 00000000 ____D () C:\Program Files\Nameless Demo
2014-12-27 04:06 - 2014-12-27 04:09 - 351139568 _____ (Cheritz ) C:\Users\Mishjaimi\Downloads\NamelessEnglishDemo_Windows_10_31.exe
2014-12-26 14:40 - 2014-12-26 14:40 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Freedom Planet Demo.url
2014-12-26 01:49 - 2014-12-26 01:49 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Cherry Tree High Comedy Club Demo.url
2014-12-26 00:13 - 2014-12-25 19:57 - 00012005 _____ () C:\Users\Mishjaimi\AppData\Roaming\alsoft.ini
2014-12-25 21:49 - 2014-12-28 20:38 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Roaming\FEZ
2014-12-25 21:49 - 2014-12-25 21:49 - 00444952 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-12-25 21:49 - 2014-12-25 21:49 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-12-25 21:49 - 2014-12-25 21:49 - 00000000 ____D () C:\Program Files\OpenAL
2014-12-25 19:57 - 2014-12-25 19:57 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\FEZ.url
2014-12-25 19:25 - 2014-12-25 19:25 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Floating Point.url
2014-12-21 21:44 - 2014-12-21 21:44 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-12-21 21:42 - 2014-12-22 00:22 - 00019384 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-12-19 03:16 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-19 03:16 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-19 03:16 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-19 02:52 - 2014-12-28 22:19 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-19 02:52 - 2014-12-19 02:52 - 00000216 _____ () C:\Users\Mishjaimi\Desktop\Sonic Adventure 2.url
2014-12-16 06:24 - 2014-12-16 06:27 - 00008047 _____ () C:\Users\Mishjaimi\Downloads\Pulse_Prototype_Windows-ZIPReader.log
2014-12-16 06:24 - 2014-12-16 06:27 - 00000000 ____D () C:\Users\Mishjaimi\Downloads\Pulse_Prototype_Windows
2014-12-16 04:49 - 2014-12-16 06:23 - 562850311 _____ () C:\Users\Mishjaimi\Downloads\Pulse_Prototype_Windows.zip
2014-12-12 22:02 - 2014-12-12 22:02 - 00001610 _____ () C:\Users\Mishjaimi\Downloads\sonic-remixed-ZIPReader.log
2014-12-12 22:02 - 2014-12-12 22:02 - 00000000 ____D () C:\Users\Mishjaimi\Downloads\sonic-remixed
2014-12-12 22:00 - 2014-12-12 22:01 - 17411998 _____ () C:\Users\Mishjaimi\Downloads\sonic-remixed.zip
2014-12-11 02:07 - 2014-12-11 02:07 - 00200504 _____ () C:\Windows\Minidump\Mini121114-01.dmp
2014-12-10 03:06 - 2014-11-06 17:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 03:06 - 2014-11-03 16:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 03:02 - 2014-12-02 18:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-09 14:03 - 2014-11-24 12:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 14:03 - 2014-11-24 12:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 14:03 - 2014-11-24 12:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 14:03 - 2014-11-24 12:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 14:03 - 2014-11-24 12:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 14:03 - 2014-11-24 12:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 14:03 - 2014-11-24 12:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 14:03 - 2014-11-24 12:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 14:03 - 2014-11-24 12:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 14:03 - 2014-11-24 12:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 14:03 - 2014-11-24 12:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 14:03 - 2014-11-24 12:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 14:03 - 2014-11-24 12:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 14:03 - 2014-11-24 12:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 14:03 - 2014-11-24 12:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 14:03 - 2014-11-24 12:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 14:03 - 2014-11-24 12:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 15:08 - 2013-12-04 10:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 14:58 - 2013-03-02 20:30 - 01824890 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 14:56 - 2014-04-25 07:45 - 00000000 ___RD () C:\Users\Mishjaimi\Google Drive
2015-01-01 14:52 - 2013-03-10 10:31 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 14:52 - 2013-03-07 03:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-01 14:52 - 2007-06-04 12:28 - 00000000 ____D () C:\Windows\SMINST
2015-01-01 14:52 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-01 14:52 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 14:52 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 14:51 - 2006-11-02 05:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-01 14:49 - 2013-03-03 11:42 - 00000000 ____D () C:\Users\Mishjaimi
2015-01-01 14:39 - 2013-03-10 10:31 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 00:45 - 2013-03-07 03:56 - 00151292 _____ () C:\Windows\PFRO.log
2014-12-31 23:03 - 2014-02-23 23:31 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Roaming\Malwarebytes
2014-12-31 23:03 - 2014-02-23 23:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-31 23:03 - 2014-02-23 23:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-31 05:07 - 2013-03-10 10:31 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Local\Google
2014-12-31 05:07 - 2013-03-10 10:31 - 00000000 ____D () C:\Program Files\Google
2014-12-31 03:50 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-12-31 03:50 - 2006-11-02 02:22 - 53477376 _____ () C:\Windows\system32\config\software_previous
2014-12-31 03:50 - 2006-11-02 02:22 - 44302336 _____ () C:\Windows\system32\config\components_previous
2014-12-31 03:50 - 2006-11-02 02:22 - 20185088 _____ () C:\Windows\system32\config\system_previous
2014-12-31 03:50 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-12-31 03:50 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-12-31 03:50 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-12-31 03:49 - 2014-11-11 13:16 - 00000000 ____D () C:\Program Files\Steam
2014-12-31 03:49 - 2014-02-16 23:48 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Local\Akamai
2014-12-31 03:49 - 2014-02-14 15:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-31 03:49 - 2014-01-10 12:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-31 03:49 - 2013-12-04 10:37 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-31 03:49 - 2007-06-04 11:59 - 00000000 ___HD () C:\Users\IUSR_NMPR
2014-12-31 03:49 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system32\spool
2014-12-31 03:49 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
2014-12-31 01:44 - 2013-04-29 15:01 - 00000000 ____D () C:\Windows\Minidump
2014-12-27 19:32 - 2014-09-17 21:01 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Roaming\krita
2014-12-27 05:27 - 2014-01-19 14:00 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Roaming\RenPy
2014-12-27 04:20 - 2013-03-04 11:37 - 00001356 _____ () C:\Users\Mishjaimi\AppData\Local\d3d9caps.dat
2014-12-25 22:25 - 2013-08-07 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-25 14:40 - 2014-11-11 13:16 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-12-25 11:59 - 2014-04-18 13:35 - 00000000 ____D () C:\Users\Mishjaimi\AppData\Roaming\gtk-2.0
2014-12-22 00:38 - 2007-06-04 11:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-22 00:32 - 2007-06-04 11:58 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-12-17 13:25 - 2006-11-02 02:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 15:37 - 2014-02-17 23:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 03:04 - 2014-02-17 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-11 02:06 - 2014-02-12 12:02 - 203337518 _____ () C:\Windows\MEMORY.DMP
2014-12-10 03:41 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:07 - 2007-06-04 12:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-01 14:59
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-12-2014
Ran by Mishjaimi at 2015-01-01 15:12:53
Running from C:\Users\Mishjaimi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\uTorrent) (Version: 3.4.2.31893 - BitTorrent Inc.)
ACE Online (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\{A84EF2EA-FA7E-495C-9581-933496C9B9E9}}_is1) (Version:  - Suba Games)
ActiveState Komodo Edit 8.5.3 (HKLM\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.3 - ActiveState Software Inc.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
Advanced Fix 2014 version 2.1.3.85 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.1.3.85 - Advanced Fix, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.4-6 - Wacom Technology Corp.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Cherry Tree High Comedy Club Demo (HKLM\...\Steam App 223890) (Version:  - 773)
CLIP STUDIO PAINT (HKLM\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.2.7 - CELSYS)
CopyTrans Suite (HKLM\...\CopyTrans Suite) (Version:  - )
Dandelion - Wishes brought to you - Demo version 1.92 (HKLM\...\{795EAB32-6331-420A-A57B-AAA3FC14ED0E}_is1) (Version: 1.92 - Cheritz)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Express Zip (HKLM\...\ExpressZip) (Version: 2.28 - NCH Software)
FEZ (HKLM\...\Steam App 224760) (Version:  - Polytron Corporation)
Five Nights at Freddy's DEMO (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\Five Nights at Freddy's DEMO) (Version:  - )
Floating Point (HKLM\...\Steam App 302380) (Version:  - Suspicious Developments)
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Freedom Planet Demo (HKLM\...\Steam App 311950) (Version:  - GalaxyTrail)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4424.15 - PC-Doctor, Inc.)
Hatoful Boyfriend (HKLM\...\Steam App 310080) (Version:  - Mediatonic)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2264 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2269 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{C75A8117-BC46-4236-9AB8-5955DBA18A09}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
HP Total Care Advisor (HKLM\...\{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}) (Version: 1.1.17 - Hewlett-Packard)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.005 - Hewlett-Packard)
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.28.01 - Hyperionics Technology LLC)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® Viiv™ Software (HKLM\...\Intel® Configuration Center) (Version: 1.6.361.6 - Intel Corporation)
iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
join.me (HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\JoinMe) (Version: 1.9.0.133 - LogMeIn, Inc.)
join.me (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\JoinMe) (Version: 1.9.0.133 - LogMeIn, Inc.)
JTablet (HKLM\...\JTablet) (Version:  - )
Krita Desktop (x86) "2.8.3.0" (HKLM\...\{97C8B983-5F54-4FB9-AF90-D10A22CD5A17}) (Version: 2.8.3.0 - KO GmbH)
Krita Gemini Demo (HKLM\...\Steam App 289970) (Version:  - KO GmbH)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LINE (HKLM\...\LINE) (Version: 3.5.3.23 - LINE Corporation)
Lucent Heart EN (HKLM\...\{3C05F539-3641-4ED1-B88F-DEA9DAD620E3}) (Version: 7.02.0700 - Suba Games)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
MediaDrug (HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9) (Version: 1.5 - MediaDrug)
MediaDrug (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9) (Version: 1.5 - MediaDrug)
MediaHuman YouTube to MP3 Converter version 3.5.2 (HKLM\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.5.2 - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MixPad (HKLM\...\MixPad) (Version: 3.39 - NCH Software)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1701 - WildTangent)
MyPaint 0.9.0 (HKLM\...\MyPaint) (Version: 0.9.0 - Martin Renold & MyPaint Development Team)
Nameless Demo version 1.1 (HKLM\...\{60E0B16F-DEA2-4811-BBEF-6888525A0E2A}_is1) (Version: 1.1 - Cheritz)
NCH Tone Generator (HKLM\...\ToneGen) (Version: 3.07 - NCH Software)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9621 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PowerPaint 2.50 (HKLM\...\PowerPaint_is1) (Version:  - FLISoft)
PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5377 - Realtek Semiconductor Corp.)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.559 - Roxio)
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
ScreenShot V1.1.0.0 (HKLM\...\{1BBEB0C2-B5F6-4B8E-A4EA-1B13C45FCE7D}) (Version: 1.1.0 - MichaelFontana)
Snapfish Media Detector (HKLM\...\{4EF6FDB0-3B11-4820-9860-8E08E9965195}) (Version: 1.7.0.15 - HP Snapfish)
SnowFox iPad Video Converter 3.3.1.0 (HKLM\...\SnowFox iPad Video Converter_is1) (Version:  - )
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Sonic Adventure™ 2  (HKLM\...\Steam App 213610) (Version:  - SEGA)
Stairs - The Game (HKLM\...\UDK-384a8f75-8fdc-4db2-a492-3f9a1bfef2e3) (Version:  - Epic Games, Inc.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
Unity Web Player (HKU\S-1-5-21-2204486101-728493013-4280112839-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2204486101-728493013-4280112839-1002\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WavePad Sound Editor (HKLM\...\WavePad) (Version: 5.55 - NCH Software)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.7 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.5 - Wacom Technology Corp.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2204486101-728493013-4280112839-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Mishjaimi\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2204486101-728493013-4280112839-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Mishjaimi\Downloads\lullatone+-+splitting+a+banana+split+(M.+Kokosova) - [MP3Juices.com].ex (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-2204486101-728493013-4280112839-1002_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\UpdatusUser\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx No File
CustomCLSID: HKU\S-1-5-21-2204486101-728493013-4280112839-1002_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\UpdatusUser\Downloads\lullatone+-+splitting+a+banana+split+(M.+Kokosova) - [MP3Juices.com]. (the data entry has 11 more characters).
 
==================== Restore Points  =========================
 
17-12-2014 19:05:15 Windows Update
19-12-2014 03:12:55 Installed DirectX
20-12-2014 00:43:34 Scheduled Checkpoint
21-12-2014 13:13:15 Scheduled Checkpoint
21-12-2014 13:23:09 Windows Update
22-12-2014 08:20:24 Scheduled Checkpoint
23-12-2014 09:36:40 Scheduled Checkpoint
24-12-2014 11:45:44 Scheduled Checkpoint
24-12-2014 15:51:38 Windows Update
25-12-2014 21:47:18 Installed DirectX
25-12-2014 22:24:51 Windows Update
26-12-2014 18:33:49 Scheduled Checkpoint
27-12-2014 18:10:54 Scheduled Checkpoint
27-12-2014 19:26:05 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
28-12-2014 02:50:57 Windows Update
28-12-2014 19:36:53 Scheduled Checkpoint
29-12-2014 08:41:21 Scheduled Checkpoint
31-12-2014 01:20:59 Restore Operation
31-12-2014 03:35:26 Windows Update
31-12-2014 03:42:51 Restore Operation
31-12-2014 04:05:57 Windows Update
01-01-2015 14:48:11 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 02:23 - 2015-01-01 14:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2E4F5818-2E10-444B-BE2F-7DF92BB0379A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: {49675659-946D-41B2-AED6-9D528B576CE4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {899B898E-9DA3-4CB8-9316-2F475C17BDFE} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-18] (Microsoft Corporation)
Task: {90ADC938-7245-417D-9E61-F3D619ABE51A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: {967CDA5D-218C-47D9-9821-92BB157CB6A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-12] (Adobe Systems Incorporated)
Task: {AEFDD31F-6684-4D88-9B2D-506C27DEC569} - System32\Tasks\AllmyappsUpdateTask => c:\users\mishjaimi\appdata\roaming\allmyapps\allmyappsupdater.exe
Task: {B4994A59-1BA5-4F3F-8426-29914A47B3EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DBD9B7B2-5A71-4B26-B01C-E30737695F68} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-07 16:53 - 2010-10-21 08:38 - 00962416 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-01-01 14:56 - 2015-01-01 14:56 - 00098816 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32api.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00110080 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\pywintypes27.dll
2015-01-01 14:56 - 2015-01-01 14:56 - 00364544 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\pythoncom27.dll
2015-01-01 14:56 - 2015-01-01 14:56 - 00045568 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\_socket.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 01160704 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\_ssl.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00320512 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32com.shell.shell.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00713216 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\_hashlib.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 01175040 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\wx._core_.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00805888 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\wx._gdi_.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00811008 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\wx._windows_.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 01062400 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\wx._controls_.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00735232 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\wx._misc_.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00128512 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\_elementtree.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00127488 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\pyexpat.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00557056 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\pysqlite2._sqlite.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00087552 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\_ctypes.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00119808 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32file.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00108544 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32security.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00007168 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\hashobjs_ext.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00167936 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32gui.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00018432 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32event.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00038912 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32inet.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00011264 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32crypt.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00070656 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\wx._html2.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00027136 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\_multiprocessing.pyd
2015-01-01 14:55 - 2015-01-01 14:55 - 00035840 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32process.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00686080 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\unicodedata.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00122368 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\wx._wizard.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00024064 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32pipe.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00025600 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32pdh.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00525640 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\windows._lib_cacheinvalidation.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00010240 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\select.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00017408 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32profile.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00022528 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\win32ts.pyd
2015-01-01 14:56 - 2015-01-01 14:56 - 00078336 _____ () C:\Users\Mishjaimi\AppData\Local\Temp\_MEI38602\wx._animate.pyd
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\96猫 &amp; コゲ犬 - 96neko &amp; Kogeinu ~ アカツキアライヴァル - Akatsuki Arrival   MP3 (HD).mp3:TOC.WMV
AlternateDataStreams: C:\Users\Mishjaimi\Downloads\山崎まさよし - Romancing SaGa -Minstrel Song- Original Sound Track [Disc 3] - 14 - メヌエット (Ending Edit).mp3:TOC.WMV
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: DQLWinService => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IntelDHSvcConf => 2
MSCONFIG\Services: ISSM => 3
MSCONFIG\Services: M1 Server => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: RoxMediaDB9 => 3
MSCONFIG\Services: stllssvr => 3
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2204486101-728493013-4280112839-500 - Administrator - Disabled)
Guest (S-1-5-21-2204486101-728493013-4280112839-501 - Limited - Disabled)
IUSR_NMPR (S-1-5-21-2204486101-728493013-4280112839-1000 - Limited - Enabled) => C:\Users\IUSR_NMPR
Mishjaimi (S-1-5-21-2204486101-728493013-4280112839-1001 - Administrator - Enabled) => C:\Users\Mishjaimi
UpdatusUser (S-1-5-21-2204486101-728493013-4280112839-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/01/2015 02:56:56 PM) (Source: ESENT) (EventID: 454) (User: )
Description: InputPersonalization (852) InkStore: Database recovery/restore failed with unexpected error -1216.
 
Error: (01/01/2015 02:56:56 PM) (Source: ESENT) (EventID: 494) (User: )
Description: InputPersonalization (852) InkStore: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\Mishjaimi\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
Error: (01/01/2015 02:48:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d693b7e1-ec35-47e0-b3f6-524c373b299b}
 
Error: (01/01/2015 00:49:55 PM) (Source: ESENT) (EventID: 454) (User: )
Description: InputPersonalization (2676) InkStore: Database recovery/restore failed with unexpected error -1216.
 
Error: (01/01/2015 00:49:55 PM) (Source: ESENT) (EventID: 494) (User: )
Description: InputPersonalization (2676) InkStore: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\Mishjaimi\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
Error: (01/01/2015 00:37:28 PM) (Source: ESENT) (EventID: 454) (User: )
Description: InputPersonalization (1076) InkStore: Database recovery/restore failed with unexpected error -1216.
 
Error: (01/01/2015 00:37:28 PM) (Source: ESENT) (EventID: 494) (User: )
Description: InputPersonalization (1076) InkStore: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\Mishjaimi\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
Error: (01/01/2015 10:53:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33439688
 
Error: (01/01/2015 10:53:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33439688
 
Error: (01/01/2015 10:53:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/01/2015 02:54:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (01/01/2015 02:48:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Print Spooler1600001Restart the service
 
Error: (01/01/2015 02:48:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Apple Mobile Device1600001Restart the service
 
Error: (01/01/2015 02:48:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LightScribeService Direct Disc Labeling Service1
 
Error: (01/01/2015 02:48:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MBAMService1
 
Error: (01/01/2015 02:48:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: TabletServicePen1
 
Error: (01/01/2015 02:48:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service
 
Error: (01/01/2015 02:48:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1
 
Error: (01/01/2015 02:48:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service
 
Error: (01/01/2015 02:48:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Wacom Consumer Touch Service1
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-01 15:12:41.340
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-01 15:12:41.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-01 15:12:41.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-01 15:12:40.887
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-01 14:54:32.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-01 12:47:28.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-01 12:34:48.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-01 12:02:31.597
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-01 12:02:31.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-01 12:02:31.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 2045.77 MB
Available physical RAM: 1023.36 MB
Total Pagefile: 4334.55 MB
Available Pagefile: 3056.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.47 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:363.68 GB) (Free:201.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:8.92 GB) (Free:1.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 372.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=363.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

I'd like to run combofix.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.


In your next post I need the following:

Log from Combofix
  • 0





