Juliet helped me with a similar problem back in October (http://forums.spybot.info/showthread.php?71353-Many-dllhost-exe-*32-processes-from-Syswow64-folder). Now my computer is running slow again, making sounds like it's processing something without any programs open, and when I open the task manager, I find duplicates of various processes (common32.exe *32, dllhost.exe *32, dpnsvr.exe *32, etc.) using up memory.

I've run the Registry Backup and posted the Farbar Recovery Scan Tool and the aswMBR logs below:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Ryan (administrator) on RYAN-PC on 21-01-2015 17:20:23
Running from C:\Users\Ryan\Desktop
Loaded Profiles: UpdatusUser & Ryan (Available profiles: UpdatusUser & Ryan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sentelic Corporation) C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIZIO Computer Inc.) C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FspUip] => C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe [5406104 2012-05-01] (Sentelic Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170752 2012-05-09] (SRS Labs, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [OSD Utility] => C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe [7892992 2012-04-27] (VIZIO Computer Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-27] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-03-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-14] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1987813687-3303645166-2786259458-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1987813687-3303645166-2786259458-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1987813687-3303645166-2786259458-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1987813687-3303645166-2786259458-1001: @talk.google.com/O1DPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1987813687-3303645166-2786259458-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1987813687-3303645166-2786259458-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-13] (Atheros Commnucations) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-11-12] (Nalpeiron Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx64.sys [35840 2012-04-02] (Cirrus Logic)
S3 ESETOlmarikOlmascoCleaner; C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys [156360 2014-04-11] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-03] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 ViWDM; C:\Windows\System32\DRIVERS\ViWDM.SYS [14336 2012-03-07] (Primax Electronics Ltd.)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2014-04-15] (Rsupport Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 17:21 - 2015-01-21 17:21 - 00053564 _____ () C:\Users\Ryan\Desktop\aswMBR.exe.j628q1j.partial
2015-01-21 17:20 - 2015-01-21 17:21 - 00015427 _____ () C:\Users\Ryan\Desktop\FRST.txt
2015-01-21 17:19 - 2015-01-21 17:20 - 00000000 ____D () C:\FRST
2015-01-21 17:18 - 2015-01-21 17:18 - 02126848 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2015-01-21 17:05 - 2015-01-21 17:08 - 04215584 _____ () C:\Users\Ryan\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-21 16:42 - 2015-01-21 16:42 - 00000000 ___RD () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-19 14:48 - 2015-01-19 14:48 - 00000000 ____D () C:\Users\Ryan\AppData\Local\{B450593E-2A36-4741-8342-5834A728938C}
2015-01-18 01:31 - 2015-01-18 01:31 - 00002760 _____ () C:\Users\Ryan\AppData\Local\recently-used.xbel
2015-01-17 22:54 - 2015-01-17 22:54 - 00000000 ____D () C:\Users\Ryan\AppData\Local\{5B762BD5-50CD-46AF-848F-A04E6561EAD5}
2015-01-17 22:25 - 2015-01-19 16:57 - 00000000 ____D () C:\Users\Ryan\Desktop\Vocabulary images
2015-01-13 15:30 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 15:30 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 15:30 - 2014-12-12 01:07 - 05553080 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 15:30 - 2014-12-12 01:07 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-01-13 15:30 - 2014-12-12 01:05 - 00617384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-01-13 15:30 - 2014-12-12 00:45 - 03977656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 15:30 - 2014-12-12 00:45 - 03921848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 15:30 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 15:30 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 15:30 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 15:30 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 15:30 - 2014-10-28 21:16 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-01-11 20:48 - 2015-01-21 16:57 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-11 20:48 - 2015-01-21 16:57 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-06 16:39 - 2015-01-06 16:39 - 00000000 ____D () C:\Users\Ryan\AppData\Local\{CB7F6179-EB89-4125-A544-E975DD041AB2}
2015-01-01 11:56 - 2015-01-01 11:56 - 00000000 ____D () C:\Users\Ryan\AppData\Local\{D71B18BE-0113-42B2-94E6-B576C040378F}
2014-12-29 21:25 - 2014-12-29 21:25 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 17:08 - 2014-10-30 00:27 - 00002246 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-21 16:45 - 2009-07-13 23:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 16:45 - 2009-07-13 23:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 16:44 - 2012-06-09 02:40 - 01812868 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 16:41 - 2013-10-27 14:17 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job
2015-01-21 16:39 - 2012-01-02 04:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 16:38 - 2012-05-04 13:49 - 00075066 _____ () C:\Windows\setupact.log
2015-01-21 16:38 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 01:34 - 2014-10-15 15:38 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 01:33 - 2014-10-15 15:38 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 01:33 - 2014-10-15 15:38 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 01:33 - 2014-10-15 15:38 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 01:33 - 2014-10-15 15:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 01:33 - 2013-10-25 17:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-20 21:41 - 2013-10-27 14:17 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job
2015-01-20 21:03 - 2012-08-05 23:52 - 00000000 ____D () C:\Users\Ryan\Documents\Bluetooth Folder
2015-01-20 00:55 - 2012-08-10 11:38 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps
2015-01-19 19:24 - 2013-10-16 05:44 - 00000000 ____D () C:\Users\Ryan\Documents\Postcolonial Medicine
2015-01-19 19:20 - 2013-02-09 15:54 - 00000000 ____D () C:\Users\Ryan\Documents\Poems
2015-01-18 01:31 - 2012-11-08 14:14 - 00000000 ____D () C:\Users\Ryan\.gimp-2.8
2015-01-13 17:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-13 16:18 - 2014-05-09 16:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 16:16 - 2014-05-09 16:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:17 - 2012-01-02 04:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 15:17 - 2012-01-02 04:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 15:17 - 2012-01-02 04:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-06 22:49 - 2013-01-18 22:39 - 00785920 ___SH () C:\Users\Ryan\Desktop\Thumbs.db
2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2015-01-18 01:31 - 2015-01-18 01:31 - 0002760 _____ () C:\Users\Ryan\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 14:35

==================== End Of Log ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Ryan at 2015-01-21 17:21:39
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cirrus Logic Audio (HKLM-x32\...\{3A69FD31-5EE7-42C9-918B-81C07AA21043}) (Version: 10.14.0.0 - Cirrus Logic)
Cirrus Logic Audio x64 (Version: 7.25.38.0 - Cirrus Logic) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin ANT Agent (HKLM\...\{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
GoToMeeting 5.3.0.1009 (HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...\GoToMeeting) (Version: 5.3.0.1009 - CitrixOnline)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36279 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 296.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.28 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Perfect Photo Suite 7.0.1 (HKLM-x32\...\{6727F16E-6BF0-4E73-AC73-958A382AA09E}) (Version: 7.0.1 - onOne Software)
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.3000 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.21.00(2/3/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.40.03 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
USB3Setup (HKLM-x32\...\{4814105D-5756-4CD7-9430-ADA474A3E192}) (Version: 1.0.4.220 - VIZIO)
VIZIO Wireless Driver (HKLM-x32\...\{3A9C1D7A-A227-442F-B296-14AEBC4E85C1}) (Version: 1.00.0001 - VIZIO)
VIZIO Wireless Touchpad (HKLM-x32\...\{3F0E78CA-735E-446D-8E60-69C6CA27EC95}) (Version: 1.00.0001 - VIZIO)
VIZIO_FN_Key_Utility (HKLM-x32\...\{106AEB0E-1FF7-44BD-B510-6CF9A3934FAC}) (Version: 1.3.15 - VIZIO)
VIZIOUtility version 1.0 (HKLM-x32\...\{4F949BD9-1E99-40C7-9102-C67E2D384995}_is1) (Version: 1.0 - VIZIO)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1009\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-08 13:01 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {372C798C-A5B3-4AA4-BBF2-B7E73240D486} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {503D3F2D-3467-4AD0-AB8F-6DC6CC77FC61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {795C9DD4-84DD-4612-B8E5-6C26954A7C70} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {7A4BB95A-5FCC-432C-90F8-E7E4AB110F1C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {90298288-31FE-4B9F-B6B2-B20ED9EBC124} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C5E1112F-43F2-4BEE-99A2-79ADA35DF515} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {CB672E22-56A2-4C3B-BAB2-6CDCBAD908A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F741AF84-829D-46EF-8DB7-4841CBC7DCCE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2011-04-25 10:24 - 2011-04-25 10:24 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2012-04-27 17:03 - 2012-03-28 09:36 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-04-27 17:43 - 2012-03-19 17:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-09 08:58 - 2012-03-09 08:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 08:58 - 2012-03-09 08:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2012-04-17 11:20 - 2012-04-17 11:20 - 00293376 _____ () C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\vCapture64.dll
2012-03-28 13:15 - 2012-03-28 13:15 - 00013824 _____ () C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\WMI_DLL64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-27 17:03 - 2012-03-28 09:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-05-18 18:30 - 2012-05-03 16:56 - 00089600 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspLib.dll
2012-05-18 18:30 - 2012-05-03 11:48 - 00093696 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\move_ctrl.dll
2012-05-18 18:30 - 2012-04-20 18:11 - 00034816 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\KbdHook.dll
2012-05-18 18:30 - 2012-03-15 12:19 - 00241664 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\vCapture.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1987813687-3303645166-2786259458-500 - Administrator - Disabled)
Guest (S-1-5-21-1987813687-3303645166-2786259458-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1987813687-3303645166-2786259458-1003 - Limited - Enabled)
Ryan (S-1-5-21-1987813687-3303645166-2786259458-1001 - Administrator - Enabled) => C:\Users\Ryan
UpdatusUser (S-1-5-21-1987813687-3303645166-2786259458-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Our Record 0 won: 8D67F39E 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:BD18:B452:A984:6DB4

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Pkt Record: 849157E6 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:2C35:E033:2976:686D

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Our Record 0 won: 8D67F39E 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:BD18:B452:A984:6DB4

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Pkt Record: 00366AD0 4 Ryan-PC.local. Addr 192.168.200.26

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Our Record 3 lost: 00366AD8 4 Ryan-PC.local. Addr 192.168.200.27

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Pkt Record: 849157E6 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:2C35:E033:2976:686D

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Our Record 3 won: 00366AD8 4 Ryan-PC.local. Addr 192.168.200.27

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Pkt Record: 00366AD0 4 Ryan-PC.local. Addr 192.168.200.26

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Our Record 0 won: 8D67F39E 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:BD18:B452:A984:6DB4

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Pkt Record: 849157E6 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:2C35:E033:2976:686D


System errors:
=============
Error: (01/21/2015 05:14:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (01/21/2015 05:00:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (01/21/2015 04:38:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/21/2015 00:24:18 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/21/2015 00:22:18 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/21/2015 00:22:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (01/21/2015 00:21:17 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/21/2015 00:19:16 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/21/2015 00:18:15 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (01/21/2015 00:16:14 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


Microsoft Office Sessions:
=========================
Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Our Record 0 won: 8D67F39E 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:BD18:B452:A984:6DB4

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Pkt Record: 849157E6 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:2C35:E033:2976:686D

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Our Record 0 won: 8D67F39E 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:BD18:B452:A984:6DB4

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Pkt Record: 00366AD0 4 Ryan-PC.local. Addr 192.168.200.26

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Our Record 3 lost: 00366AD8 4 Ryan-PC.local. Addr 192.168.200.27

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Pkt Record: 849157E6 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:2C35:E033:2976:686D

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Our Record 3 won: 00366AD8 4 Ryan-PC.local. Addr 192.168.200.27

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Pkt Record: 00366AD0 4 Ryan-PC.local. Addr 192.168.200.26

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Our Record 0 won: 8D67F39E 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:BD18:B452:A984:6DB4

Error: (01/21/2015 05:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 000000000183A5E0 Pkt Record: 849157E6 16 Ryan-PC.local. AAAA FE80:0000:0000:0000:2C35:E033:2976:686D


CodeIntegrity Errors:
===================================
Date: 2014-11-03 15:18:28.899
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-03 15:18:28.884
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 86%
Total physical RAM: 8085.95 MB
Available physical RAM: 1058.08 MB
Total Pagefile: 16170.07 MB
Available Pagefile: 7427.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:919.21 GB) (Free:829.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 868B7EFA)
Partition 1: (Active) - (Size=600 MB) - (Type=27)
Partition 2: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=27)

==================== End Of Log ============================





aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-21 18:27:40
-----------------------------
18:27:40.885 OS Version: Windows x64 6.1.7601 Service Pack 1
18:27:40.885 Number of processors: 8 586 0x3A09
18:27:40.885 ComputerName: RYAN-PC UserName: Ryan
18:27:42.275 Initialize success
18:27:42.278 VM: initialized successfully
18:27:42.278 VM: Intel CPU BiosDisabled
18:39:29.952 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:39:29.952 Disk 0 Vendor: ST1000LM 2AR1 Size: 953869MB BusType: 8
18:39:30.142 Disk 0 MBR read successfully
18:39:30.142 Disk 0 MBR scan
18:39:30.142 Disk 0 Windows 7 default MBR code
18:39:30.142 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 600 MB offset 2048
18:39:30.152 Disk 0 default boot code
18:39:30.152 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941267 MB offset 1230848
18:39:30.192 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 1928945664
18:39:30.232 Disk 0 scanning C:\Windows\system32\drivers
18:39:38.394 Service scanning
18:40:23.269 Modules scanning
18:40:23.272 Disk 0 trace - called modules:
18:40:23.304 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:40:23.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aa7790]
18:40:23.309 3 CLASSPNP.SYS[fffff88001d6b43f] -> nt!IofCallDriver -> [0xfffffa80076cf180]
18:40:23.314 5 ACPI.sys[fffff88000ef67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80078a7050]
18:40:23.317 Disk 0 statistics 103017/0/0 @ 6.33 MB/s
18:40:23.319 Scan finished successfully
18:40:47.783 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
18:40:47.828 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"

Has ComboFix run recently or is that still there since the last time the computer was here?

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
C:\Users\Ryan\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
AlternateDataStreams: C:\Windows:nlsPreferences
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

Thanks so much for helping me again! I don't think anything called ComboFix has run since you helped me before. I've posted the FRST, AdwCleaner, and JRT logs below:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Ryan at 2015-01-22 16:05:13 Run:1
Running from C:\Users\Ryan\Desktop
Loaded Profiles: UpdatusUser & Ryan (Available profiles: UpdatusUser & Ryan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
C:\Users\Ryan\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
AlternateDataStreams: C:\Windows:nlsPreferences
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key not found.
C:\Users\Ryan\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
"HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 844.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:07:57 ====




# AdwCleaner v4.108 - Report created 22/01/2015 at 16:15:34
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ryan - RYAN-PC
# Running from : C:\Users\Ryan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


*************************

AdwCleaner[R0].txt - [884 octets] - [22/01/2015 16:13:23]
AdwCleaner[S0].txt - [718 octets] - [22/01/2015 16:15:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [777 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ryan on Thu 01/22/2015 at 16:28:26.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Ryan\appdata\local\{5B762BD5-50CD-46AF-848F-A04E6561EAD5}
Successfully deleted: [Empty Folder] C:\Users\Ryan\appdata\local\{806E944B-1763-4FF0-9440-5C8C5302134B}
Successfully deleted: [Empty Folder] C:\Users\Ryan\appdata\local\{8491446D-F948-4B19-B521-2509828BF009}
Successfully deleted: [Empty Folder] C:\Users\Ryan\appdata\local\{9B1BF085-634B-426D-BDB3-489C0053B60E}
Successfully deleted: [Empty Folder] C:\Users\Ryan\appdata\local\{B450593E-2A36-4741-8342-5834A728938C}
Successfully deleted: [Empty Folder] C:\Users\Ryan\appdata\local\{CB7F6179-EB89-4125-A544-E975DD041AB2}
Successfully deleted: [Empty Folder] C:\Users\Ryan\appdata\local\{D71B18BE-0113-42B2-94E6-B576C040378F}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/22/2015 at 16:30:10.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)



On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Dections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


~~~~~~~~~~~~~

Tell me how the computer is now.

The computer seems to be running normally at the moment. I've pasted the Malwarebytes log below:



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/22/2015
Scan Time: 5:11:11 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.22.11
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ryan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 429003
Time Elapsed: 17 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.FakeMS.ED, HKLM\SOFTWARE\CLASSES\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, Quarantined, [ef84dc1e9cedad89cfe67f698180ee12],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}, Delete-on-Reboot, [8de6ea102069ef470c0d5b175ca7f60a],

Files: 3
Trojan.FakeMS.ED, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\msoeacct.dll, Delete-on-Reboot, [ef84dc1e9cedad89cfe67f698180ee12],
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a, Delete-on-Reboot, [8de6ea102069ef470c0d5b175ca7f60a],
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\igywmecgoo.tmp, Delete-on-Reboot, [8de6ea102069ef470c0d5b175ca7f60a],

Physical Sectors: 0
(No malicious items detected)


(end)

The computer seems to be running normally at the moment.

Good deal

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.

Here's the contents of the ESET log:

C:\Users\Ryan\AppData\LocalLow\dhviyie.dll a variant of Win32/Kryptik.CVXK trojan
C:\Users\Ryan\AppData\LocalLow\{08CEB9AB-4A99-4FC9-8ABC-B1EBA4DC1DA2}\api-ms-win-system-mpr-l1-1-0.dll a variant of Win64/Kryptik.GT trojan
C:\Users\Ryan\AppData\LocalLow\{BD9BCFD0-25D7-4054-9427-A847F3DB8F18}\api-ms-win-system-d3d10core-l1-1-0.dll Win64/Bedep.C trojan

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


start
CloseProcesses:
C:\Users\Ryan\AppData\LocalLow\dhviyie.dll
C:\Users\Ryan\AppData\LocalLow\{08CEB9AB-4A99-4FC9-8ABC-B1EBA4DC1DA2}\api-ms-win-system-mpr-l1-1-0.dll
C:\Users\Ryan\AppData\LocalLow\{BD9BCFD0-25D7-4054-9427-A847F3DB8F18}\api-ms-win-system-d3d10core-l1-1-0.dll
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

How's the computer now?

The computer still seems to be behaving normally. I've pasted the FRST log below:



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Ryan at 2015-01-23 20:19:22 Run:2
Running from C:\Users\Ryan\Desktop
Loaded Profiles: UpdatusUser & Ryan (Available profiles: UpdatusUser & Ryan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\Ryan\AppData\LocalLow\dhviyie.dll
C:\Users\Ryan\AppData\LocalLow\{08CEB9AB-4A99-4FC9-8ABC-B1EBA4DC1DA2}\api-ms-win-system-mpr-l1-1-0.dll
C:\Users\Ryan\AppData\LocalLow\{BD9BCFD0-25D7-4054-9427-A847F3DB8F18}\api-ms-win-system-d3d10core-l1-1-0.dll
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Users\Ryan\AppData\LocalLow\dhviyie.dll => Moved successfully.
C:\Users\Ryan\AppData\LocalLow\{08CEB9AB-4A99-4FC9-8ABC-B1EBA4DC1DA2}\api-ms-win-system-mpr-l1-1-0.dll => Moved successfully.
C:\Users\Ryan\AppData\LocalLow\{BD9BCFD0-25D7-4054-9427-A847F3DB8F18}\api-ms-win-system-d3d10core-l1-1-0.dll => Moved successfully.
EmptyTemp: => Removed 438.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:19:44 ====

The computer still seems to be behaving normally. I've pasted the FRST log below:
Use the computer tomorrow. Then report back if it's still in good shape.

The computer still seems to be running normally today.

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore



Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~~~~~~~~~~~`


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

The DelFix link isn't working ("This page can't be displayed") and I wasn't sure about the sources for it I found on google. I'll try the page again tomorrow.

It didn't work for me either.
If need be we can remove these tools manually.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
no needed to post the log this time.


start
DeleteQuarantine:
end


~~~~~~~~~~~~~~~~~~
Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.

~~~~~~~~~~~~

I would keep MBAM, update often to stay current. Works very well with any onboard antivirus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~`


If you still notice tools with folders still on your machine just let me know.

DelFix worked for me today.

DelFix worked for me today.

Good deal, your good to go!

Great, thanks so much for all of your help!

We're glad to help :)

Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.