My browser opens "login.lataminternet.com" and usb shows a trash folder
<blockquote data-quote="Rohr35" data-source="post: 291700" data-attributes="member: 29426"><p>Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014</p><p>Ran by Andres at 2014-11-03 15:28:26</p><p>Running from C:\Users\Andres\Desktop</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}</p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )</p><p>Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.271 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 9 ActiveX (HKLM\...\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}) (Version: 9.0.16.0 - Adobe Systems, Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)</p><p>Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Applian FLV and Media Player 3.1.1.12 (HKLM\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)</p><p>Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)</p><p>Autodesk Material Library 2013 (HKLM\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) 
(Version: 3.0.13 - Autodesk)</p><p>Autodesk Material Library Base Resolution Image Library 2013 (HKLM\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)</p><p>Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)</p><p>AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)</p><p>AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden</p><p>AVG 2013 (Version: 13.0.4031 - AVG Technologies) Hidden</p><p>AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)</p><p>Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Citrix Online Launcher (HKLM\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)</p><p>Compatibilidad con Aplicaciones de Apple (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)</p><p>Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.31.4.0 - Conexant)</p><p>Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)</p><p>FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)</p><p>Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.3.1.606 - Foxit Corporation)</p><p>Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)</p><p>Google Talk Plugin (HKLM\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)</p><p>Google Update Helper (Version: 1.3.25.5 - Google Inc.) 
Hidden</p><p>GoToMeeting 6.4.3.1767 (HKCU\...\GoToMeeting) (Version: 6.4.3.1767 - CitrixOnline)</p><p>HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)</p><p>Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)</p><p>Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)</p><p>Internet Telcel Banda Ancha Móvil (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )</p><p>iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)</p><p>Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)</p><p>LastPass (uninstall only) (HKLM\...\LastPass) (Version: - LastPass)</p><p>Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)</p><p>RICOH R5U8xx Media Driver ver.3.62.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)</p><p>Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)</p><p>Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)</p><p>Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)</p><p>Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)</p><p>TK8 StickyNotes 4.3 (HKLM\...\TK8 StickyNotes_is1) (Version: - TK8 Software)</p><p>Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )</p><p>TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.104 - TuneUp Software)</p><p>TuneUp Utilities 2012 (Version: 12.0.3600.104 - TuneUp Software) Hidden</p><p>TuneUp Utilities Language Pack (en-US) (Version: 12.0.3600.104 - TuneUp Software) Hidden</p><p>VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden</p><p>WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Andres\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program 
Files\Citrix\GoToMeeting\1767\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Andres\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Andres\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)</p><p></p><p>==================== Restore Points =========================</p><p></p><p>16-10-2014 08:00:40 Windows Update</p><p>27-10-2014 21:32:23 zoek.exe restore point</p><p>03-11-2014 19:00:17 zoek.exe restore point</p><p></p><p>==================== Hosts content: 
==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 20:04 - 2013-08-09 04:03 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {018134C5-D6B0-4D19-AE96-4A7BDD70A2A6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)</p><p>Task: {0746ADBF-CF6E-44F4-AF04-66E720C02B78} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)</p><p>Task: {1D9CD3F2-587B-4129-9669-A00B6C17D287} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA => C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)</p><p>Task: {310F6B07-F433-4A1D-89C9-747AE97206B0} - System32\Tasks\Google Updater and Installer => C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)</p><p>Task: {49B9BB13-D3D8-4B60-BEC0-584AB39A826A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA => C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-31] (Facebook Inc.)</p><p>Task: {69223E26-D18A-4D36-B9F9-0814D73F20EA} - System32\Tasks\G2MUpdateTask-S-1-5-21-1794085492-3921057888-2474691628-1001 => C:\Program Files\Citrix\GoToMeeting\1767\g2mupdate.exe [2014-10-23] (Citrix Online, a division of Citrix Systems, Inc.)</p><p>Task: {848E637B-3BC5-401D-A12A-D831DAA44525} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core => C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)</p><p>Task: 
{84F10BF4-227D-4BE0-ADA8-4ECAE5C8DB06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)</p><p>Task: {C0876AF1-A304-41D4-B663-841D4F0F3135} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core => C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-31] (Facebook Inc.)</p><p>Task: {D31920AE-32F4-4686-9851-2AEDF03D0BA6} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe</p><p>Task: {E31BF408-466C-4941-8F09-F4EFE1256699} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {F2A30414-AFD8-4F1E-B09A-C75315BEDC40} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe</p><p>Task: {F6E7B92B-44EB-4D3E-9577-1192399EFD8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job => C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe</p><p>Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job => C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe</p><p>Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1794085492-3921057888-2474691628-1001.job => C:\Program Files\Citrix\GoToMeeting\1767\g2mupdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job => C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job => C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF</p><p>2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll</p><p>2014-10-19 04:40 - 2013-11-05 09:32 - 10103808 _____ () C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe</p><p>2014-11-03 05:15 - 2014-10-21 22:04 - 01042760 _____ () C:\Program 
Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll</p><p>2014-11-03 05:15 - 2014-10-21 22:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll</p><p>2014-11-03 05:15 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll</p><p>2014-11-03 05:15 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll</p><p>2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf</p><p>2014-11-03 05:15 - 2014-10-21 22:05 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99077618.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99077618.sys => ""="Driver"</p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-1794085492-3921057888-2474691628-500 - Administrator - Disabled)</p><p>Andres (S-1-5-21-1794085492-3921057888-2474691628-1001 - Administrator - Enabled) => C:\Users\Andres</p><p>Guest (S-1-5-21-1794085492-3921057888-2474691628-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-1794085492-3921057888-2474691628-1002 - Limited - Enabled)</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (11/03/2014 11:47:12 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program QuickTimePlayer.exe version 7.75.80.95 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 368</p><p></p><p>Start Time: 01cff78dffac7f57</p><p></p><p>Termination Time: 40</p><p></p><p>Application Path: C:\Program Files\QuickTime\QuickTimePlayer.exe</p><p></p><p>Report Id: 62b9fa2e-6381-11e4-87b8-001d7262ff5e</p><p></p><p>Error: (11/03/2014 11:47:09 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program QuickTimePlayer.exe version 7.75.80.95 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 12a8</p><p></p><p>Start Time: 01cff78de75fea89</p><p></p><p>Termination Time: 46</p><p></p><p>Application Path: C:\Program Files\QuickTime\QuickTimePlayer.exe</p><p></p><p>Report Id: 5085d441-6381-11e4-87b8-001d7262ff5e</p><p></p><p>Error: (10/31/2014 03:54:08 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program QuickTimePlayer.exe version 7.75.80.95 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: d74</p><p></p><p>Start Time: 01cff551d40e5833</p><p></p><p>Termination Time: 75</p><p></p><p>Application Path: C:\Program Files\QuickTime\QuickTimePlayer.exe</p><p></p><p>Report Id: 67cbfe69-6148-11e4-a359-001d7262ff5e</p><p></p><p>Error: (10/31/2014 03:23:40 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program QuickTimePlayer.exe version 7.75.80.95 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 168</p><p></p><p>Start Time: 01cff550cf5fa19d</p><p></p><p>Termination Time: 40</p><p></p><p>Application Path: C:\Program Files\QuickTime\QuickTimePlayer.exe</p><p></p><p>Report Id: 287eb3b4-6144-11e4-a359-001d7262ff5e</p><p></p><p>Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 4711</p><p></p><p>Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 4711</p><p></p><p>Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 3541</p><p></p><p>Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 3541</p><p></p><p>Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (11/03/2014 01:20:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )</p><p>Description: The ScRegSetValueExW call failed for FailureActions with the following error: </p><p>%%5</p><p></p><p>Error: (11/03/2014 01:16:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. 
This service may not function properly.</p><p></p><p>Error: (11/03/2014 01:16:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (11/03/2014 01:16:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (11/03/2014 01:16:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (11/03/2014 01:16:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (11/03/2014 01:16:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (11/03/2014 01:16:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. 
This service may not function properly.</p><p></p><p>Error: (11/03/2014 01:16:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (11/03/2014 01:16:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (11/03/2014 11:47:12 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: QuickTimePlayer.exe7.75.80.9536801cff78dffac7f5740C:\Program Files\QuickTime\QuickTimePlayer.exe62b9fa2e-6381-11e4-87b8-001d7262ff5e</p><p></p><p>Error: (11/03/2014 11:47:09 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: QuickTimePlayer.exe7.75.80.9512a801cff78de75fea8946C:\Program Files\QuickTime\QuickTimePlayer.exe5085d441-6381-11e4-87b8-001d7262ff5e</p><p></p><p>Error: (10/31/2014 03:54:08 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: QuickTimePlayer.exe7.75.80.95d7401cff551d40e583375C:\Program Files\QuickTime\QuickTimePlayer.exe67cbfe69-6148-11e4-a359-001d7262ff5e</p><p></p><p>Error: (10/31/2014 03:23:40 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: QuickTimePlayer.exe7.75.80.9516801cff550cf5fa19d40C:\Program Files\QuickTime\QuickTimePlayer.exe287eb3b4-6144-11e4-a359-001d7262ff5e</p><p></p><p>Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 4711</p><p></p><p>Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling 
Error: m->NextScheduledEvent 4711</p><p></p><p>Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 3541</p><p></p><p>Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 3541</p><p></p><p>Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p></p><p>CodeIntegrity Errors:</p><p>===================================</p><p> Date: 2013-09-29 23:41:52.734</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2013-09-29 23:38:59.758</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2013-09-29 23:36:28.445</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2013-09-29 23:24:15.586</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2013-09-29 21:39:21.394</p><p> Description: Code Integrity is unable to verify the image integrity of the file 
\Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2013-09-29 21:33:33.669</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2013-09-29 21:31:18.823</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2013-09-29 21:10:12.793</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2013-09-29 20:57:45.150</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2013-09-29 20:56:49.729</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz</p><p>Percentage of memory in use: 59%</p><p>Total physical RAM: 3062.37 MB</p><p>Available physical RAM: 1231.89 MB</p><p>Total Pagefile: 6123.02 MB</p><p>Available Pagefile: 3893.16 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1912.66 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:221.2 GB) (Free:140.85 GB) NTFS ==>[Drive with boot 
components (obtained from BCD)]</p><p>Drive d: (HP_RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6E186E18)</p><p>Partition 1: (Active) - (Size=221.2 GB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>