Is It a Backdoor.Win32 [Solved]

Am I infected with a virus?

42 replies to this topic

#1 soloio

Posted 16 November 2014 - 01:34 AM

Hello to all and THANK YOU for this site

 

I came to this site while searching and I hope someone may help me; I know very little about computers.

A couple of days ago I was typing a Word document I had worked on all day and through the night.

Next morning, with the internet connection off, shortly after starting on the document, a series of message boxes appeared: The Word document is lost, could not be saved, and program closed.

I could not find it anywhere, no backup found, several Word documents lost, I do not know the full extent of how many. Many plain text files on the desktop are 0 bytes now.

Antivirus stopped updating, not working (“ESET”). Message: Malwarebytes is corrupt or missing program, cannot run.

I could not run malware cleaners; Firefox and Internet Explorer stopped working, some programs won’t start/run.

I managed to start Firefox and Internet Explorer. I ran some anti-malware programs (“tdsskiller”, “AdwCleaner”, others) and re-installed Malwarebytes, Antivirus, now working. I downloaded and ran “Tweaking.com windows repair aio setup” to repair the computer; nothing found, no notable behavior of.

This morning, as I was typing and searching for files, my main storage hard drive had disappeared (1TERA_10GB). I re-started the computer and it re-appeared again.

I think there must be something that I could not find and I hope someone will help to find it. I do not want to lose all my documents.

THANK YOU

 

 

FRST report

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01
Ran by Administrator (administrator) on KHAN on 16-11-2014 16:47:10
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionService.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Synergy\synergyd.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [~rmvtxrr] => C:\Users\Administrator\Downloads\fg742p.exe [2115360 2013-11-20] (Dynamic Internet Technology, Inc.)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2014-01-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [19049112 2014-07-27] (Microsoft Corporation)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_189_Plugin.exe [854704 2014-11-10] (Adobe Systems Incorporated)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\OO Software\DiskImage\oodishi.dll (O&O Software GmbH)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4D837ED443E9CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.msn.com/en-au/?ocid=iehp
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\960azfpj.default-1415280631391
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin: nuance.com/DragonRIAPlugin -> C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ddg.xml
FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-01-25]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [804528 2011-02-01] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-11-16] (Acronis)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 DisplayFusionService; C:\Program Files\DisplayFusion\DisplayFusionService.exe [5179760 2014-06-18] (Binary Fortress Software)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [310232 2012-07-18] (Nuance Communications, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
S4 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S3 Olympus DVR Service; C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2013-10-03] (OLYMPUS IMAGING CORP.) [File not signed]
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4772144 2013-02-21] (O&O Software GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [131272 2014-01-18] (Sandboxie Holdings, LLC)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [278016 2014-08-21] () [File not signed]
S4 AJTBBNQOH; C:\Users\ADMINI~1\AppData\Local\Temp\AJTBBNQOH.exe [X]
S4 DXDXHUUIPT; C:\Users\ADMINI~1\AppData\Local\Temp\DXDXHUUIPT.exe [X]
S4 ESZIRRKTB; C:\Users\ADMINI~1\AppData\Local\Temp\ESZIRRKTB.exe [X]
S4 GHEXLJESSYJZJFFD; C:\Users\ADMINI~1\AppData\Local\Temp\GHEXLJESSYJZJFFD.exe [X]
S4 GIFNPEGD; C:\Users\ADMINI~1\AppData\Local\Temp\GIFNPEGD.exe [X]
S4 HNFOEA; C:\Users\ADMINI~1\AppData\Local\Temp\HNFOEA.exe [X]
S4 IPYGNV; C:\Users\ADMINI~1\AppData\Local\Temp\IPYGNV.exe [X]
S4 YBYFGZAO; C:\Users\ADMINI~1\AppData\Local\Temp\YBYFGZAO.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121688 2013-07-31] (SlySoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-09-25] (AVG Technologies)
S3 BrSerIf; C:\Windows\System32\Drivers\BrSerIf.sys [52224 2006-12-12] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2006-09-03] (Brother Industries Ltd.) [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-08-15] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-08-15] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-08-15] (ESET)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [28488 2014-11-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-18] () [File not signed]
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25808 2014-03-19] (Microsoft Corporation)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-11-16] (secr9tos) [File not signed]
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [98064 2012-10-24] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [29456 2012-10-24] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [209168 2012-10-24] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [32528 2012-10-24] (O&O Software GmbH)
S3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [20808 2013-11-30] (Christian Gulden)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161888 2014-01-18] (Sandboxie Holdings, LLC)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-11-16] (Acronis)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam.sys [1068216 2011-06-23] (Windows ® Win 7 DDK provider)
S0 hcov; System32\drivers\werlmk.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
U3 aswMBR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 16:47 - 2014-11-16 16:47 - 00014292 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-11-16 16:44 - 2014-11-16 16:47 - 00000000 ____D () C:\FRST
2014-11-16 16:37 - 2014-11-16 16:37 - 01108480 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-11-16 15:10 - 2014-11-16 15:10 - 00000568 _____ () C:\Users\Administrator\Desktop\aswMBR 3.txt
2014-11-16 15:03 - 2014-11-16 15:03 - 00000615 _____ () C:\Users\Administrator\Desktop\aswMBR - 2.txt
2014-11-16 14:56 - 2014-11-16 14:56 - 00000566 _____ () C:\Users\Administrator\Desktop\aswMBR.txt
2014-11-16 14:23 - 2014-11-16 14:24 - 05198336 _____ (AVAST Software) C:\Users\Administrator\Desktop\aswMBR.exe
2014-11-15 11:33 - 2014-11-16 10:42 - 00000248 _____ () C:\Windows\error.log
2014-11-15 02:39 - 2014-11-15 02:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KHAN-Microsoft-Windows-7-Ultimate-(32-bit).dat
2014-11-15 02:39 - 2014-11-15 02:39 - 00000000 ____D () C:\RegBackup
2014-11-15 00:33 - 2014-11-15 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-15 00:32 - 2014-11-15 00:32 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-14 22:32 - 2014-11-14 22:33 - 01706808 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-11-14 19:10 - 2014-11-14 19:10 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2014-11-14 19:07 - 2014-11-14 19:08 - 02140160 _____ () C:\Users\Administrator\Downloads\AdwCleaner.exe
2014-11-14 19:04 - 2014-11-14 23:02 - 00000000 ____D () C:\AdwCleaner
2014-11-14 13:23 - 2014-11-14 13:24 - 120201976 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2014-11-14 12:03 - 2014-11-14 22:33 - 00001015 _____ () C:\Users\Administrator\Desktop\Errors.txt
2014-11-12 19:04 - 2014-11-12 19:04 - 00013630 _____ () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch.htm
2014-11-12 19:04 - 2014-11-12 19:04 - 00000000 ____D () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch_files
2014-11-12 19:03 - 2014-11-12 19:14 - 22892794 _____ (Audacity Team ) C:\Users\Administrator\Downloads\audacity-win-2.0.6.exe
2014-11-12 18:19 - 2014-11-12 18:19 - 00000000 ____D () C:\Users\Administrator\Documents\2006 FIFA World Cup™
2014-11-12 16:10 - 2014-11-12 16:10 - 00061440 _____ ( ) C:\Users\Administrator\Downloads\VEW.exe
2014-11-12 14:39 - 2014-11-12 14:39 - 00000000 ____D () C:\Program Files\Speccy
2014-11-12 13:15 - 2014-11-12 13:15 - 00000000 ____D () C:\Windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
2014-11-12 13:12 - 2014-11-12 13:19 - 09817304 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-11-12 12:48 - 2014-11-12 12:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle
2014-11-11 17:37 - 2014-11-11 17:37 - 00000288 _____ () C:\Windows\Support.ini
2014-11-11 17:37 - 2014-11-11 17:37 - 00000000 ____D () C:\Program Files\Common Files\Olympus Shared
2014-11-11 17:32 - 2014-11-12 11:12 - 00000000 ____D () C:\Program Files\The FTW Transcriber
2014-11-11 17:32 - 2014-11-11 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The FTW Transcriber
2014-11-11 17:28 - 2014-11-11 17:30 - 24588601 _____ (The Tyger Valley Systems, Inc. ) C:\Users\Administrator\Downloads\FTW Transcribe setup.exe
2014-11-11 17:21 - 2014-11-11 17:21 - 01177930 _____ () C:\Users\Administrator\Downloads\NCH.Express.Scribe.Pro.v5.55.Incl.Keygen-BRD.rar
2014-11-11 12:07 - 2014-11-11 12:07 - 00028488 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 11:00 - 2014-11-11 14:46 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk
2014-11-11 11:00 - 2014-11-11 14:46 - 00001140 _____ () C:\Users\Public\Desktop\Express Scribe Transcription Software.lnk
2014-11-11 09:31 - 2014-11-11 09:31 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-11-11 09:30 - 2014-11-11 09:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVS4YOU
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-11-11 08:27 - 2014-11-12 23:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 23:40 - 2014-11-10 23:41 - 00644160 _____ () C:\Users\Administrator\Downloads\switchsetupSoftonicEN.exe
2014-11-10 16:44 - 2014-11-10 16:45 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2014-11-10 16:40 - 2014-11-10 16:40 - 04578024 _____ (AVG Technologies) C:\Users\Administrator\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2014-11-10 10:01 - 2014-11-10 17:11 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate.lnk
2014-11-10 10:01 - 2014-11-10 17:11 - 00001106 _____ () C:\Users\Public\Desktop\Express Dictate.lnk
2014-11-09 11:37 - 2014-11-09 11:37 - 13708848 _____ () C:\Users\Administrator\Downloads\SysinternalsSuite(1).zip
2014-11-04 18:35 - 2014-11-04 18:35 - 00000775 _____ () C:\Users\Administrator\Downloads\Drive Update NVIDER.txt
2014-11-04 12:29 - 2014-11-04 12:29 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (3).exe.1pwp9uk.partial
2014-11-04 12:26 - 2014-11-04 12:26 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (2).exe.hjxm4kd.partial
2014-11-04 12:17 - 2014-11-04 12:19 - 00714995 _____ ( ) C:\Users\Administrator\Downloads\FreeSoundRecorder (1).exe.p25xcaq.partial
2014-11-04 11:58 - 2014-11-13 14:50 - 00001149 _____ () C:\Windows\~soundrecorder.dat
2014-11-03 23:36 - 2014-11-03 23:36 - 00000951 _____ () C:\Users\Administrator\Desktop\Balabolka.lnk
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\Documents\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Balabolka
2014-11-03 23:35 - 2014-11-03 23:36 - 00000000 ____D () C:\Program Files\Balabolka
2014-11-03 22:42 - 2014-11-03 23:39 - 00000000 ____D () C:\Users\Administrator\Downloads\Speach
2014-11-03 18:01 - 2014-11-03 18:03 - 31079968 _____ () C:\Users\Administrator\Downloads\Ivona_Reader_inst_wi_ne.exe
2014-11-03 17:12 - 2014-11-03 19:57 - 1092299089 _____ () C:\Users\Administrator\Downloads\ATT tts setup w audrey voice.rar
2014-11-03 16:18 - 2014-11-16 08:12 - 00017395 _____ () C:\Users\Administrator\Desktop\ABC 1 Page 9 Copy 2.txt
2014-11-03 08:25 - 2014-11-03 08:33 - 231177072 _____ () C:\Users\Administrator\Downloads\PowerDirector_3403_GM7_Patch_Patch_VDE141006-01.exe
2014-11-02 16:09 - 2014-11-12 23:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\CyberLink
2014-11-02 15:57 - 2014-11-02 15:57 - 00002169 _____ () C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
2014-11-02 15:57 - 2014-11-02 15:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2014-11-02 15:31 - 2014-11-02 15:31 - 00002201 _____ () C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
2014-11-02 15:31 - 2014-11-02 15:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
2014-11-02 15:28 - 2014-11-02 15:57 - 00000000 ____D () C:\Program Files\CyberLink
2014-11-02 15:24 - 2014-11-12 23:13 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-02 15:21 - 2014-11-02 15:21 - 00064218 _____ () C:\Users\Administrator\Documents\cc_20141102_142119.reg
2014-11-02 10:22 - 2014-11-02 10:22 - 00680956 _____ ( ) C:\Users\Administrator\Downloads\FreeSoundRecorder(1).exe.part
2014-11-02 09:50 - 2014-11-02 10:00 - 01029080 _____ (CyberLink) C:\Users\Administrator\Downloads\CyberLink_PowerDirector_Downloader.exe
2014-11-02 09:45 - 2014-11-02 09:48 - 00001007 _____ () C:\Users\test\Desktop\CyberLink_update 3625.lnk
2014-11-01 09:56 - 2014-11-01 09:57 - 08857025 _____ () C:\Users\Administrator\Downloads\A Time To Kill Trailer.mp4
2014-10-31 18:04 - 2014-11-12 11:22 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
2014-10-31 18:04 - 2014-10-31 18:04 - 00000000 ____D () C:\ProgramData\eSellerate
2014-10-31 17:46 - 2014-10-31 17:46 - 00039542 _____ () C:\Users\Administrator\Documents\cc_20141031_164610.reg
2014-10-31 16:55 - 2014-11-04 18:35 - 00000000 ____D () C:\Users\Administrator\Downloads\Power Direct
2014-10-29 22:02 - 2014-10-29 22:02 - 00000841 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2014-10-28 11:30 - 2014-10-28 11:30 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Nuance
2014-10-25 15:40 - 2014-10-25 15:40 - 00011896 _____ () C:\Users\Administrator\Documents\cc_20141025_154032.reg
2014-10-25 13:10 - 2014-10-25 13:10 - 00003447 _____ () C:\Users\Administrator\Desktop\Win7 Editions.txt
2014-10-25 12:08 - 2014-10-25 12:08 - 02365840 _____ () C:\Users\Administrator\Downloads\SecurityTaskManager_Setup.exe
2014-10-25 08:17 - 2014-10-25 08:17 - 00003447 _____ () C:\Users\Administrator\Downloads\Win7 Editions.txt
2014-10-22 20:12 - 2014-10-22 20:12 - 00484864 _____ (Dicolab B.V.) C:\Users\Administrator\Downloads\TeamPlayer3Connect.exe
2014-10-21 16:42 - 2014-10-21 16:43 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cool Record Edit Pro
2014-10-19 19:09 - 2014-10-19 19:09 - 00005347 _____ () C:\Users\Administrator\Downloads\eicfg_removal_utility (2).zip
2014-10-19 10:34 - 2014-10-19 17:07 - 00000000 ____D () C:\Program Files\UltraISO
2014-10-19 10:34 - 2014-10-19 10:34 - 00000993 _____ () C:\Users\Public\Desktop\Ultraiso.lnk
2014-10-19 10:34 - 2014-10-19 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra ISO Prem. v9.3.6.2750 by Moon-Dancer
2014-10-19 09:51 - 2014-10-19 09:51 - 00000000 ____D () C:\Windows\system32\ShellExt
2014-10-18 14:51 - 2014-10-18 14:51 - 00001053 _____ () C:\Users\Public\Desktop\DisplayFusion.lnk
2014-10-18 14:51 - 2014-10-18 14:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DisplayFusion
2014-10-18 14:51 - 2014-10-18 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2014-10-18 14:50 - 2014-10-18 14:51 - 00000000 ____D () C:\Program Files\DisplayFusion
2014-10-18 14:50 - 2014-10-18 14:50 - 00000000 ____D () C:\Users\Administrator\Documents\DisplayFusion Backups
2014-10-18 14:43 - 2014-10-18 14:45 - 00000000 ____D () C:\Program Files\Synergy
2014-10-18 14:43 - 2014-10-18 14:43 - 00002427 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synergy.lnk
2014-10-18 14:15 - 2014-10-18 14:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_pimou_01011.Wdf
2014-10-18 14:11 - 2013-11-30 13:29 - 00020808 _____ (Christian Gulden) C:\Windows\system32\Drivers\pimou.sys
2014-10-18 14:01 - 2014-10-18 14:37 - 00000000 ____D () C:\Program Files\IU DLL Fixer
2014-10-18 13:22 - 2014-10-18 13:22 - 00000000 ____D () C:\Users\Administrator\.swt
2014-10-18 13:21 - 2014-10-18 13:37 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Azureus
2014-10-18 13:11 - 2014-10-18 13:11 - 00000835 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-10-18 10:47 - 2014-10-18 10:47 - 00005474 _____ () C:\Users\Administrator\Downloads\eicfg_removal_utility (1).zip
2014-10-18 09:08 - 2012-08-06 02:24 - 00001997 _____ () C:\Users\Administrator\Downloads\readme.txt
2014-10-17 10:56 - 2014-10-17 10:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ScanSoft
2014-10-17 10:38 - 2014-10-17 10:38 - 00013291 _____ () C:\Users\Administrator\Downloads\hashutils-1.3.0-redist.7z
2014-10-17 09:10 - 2014-10-17 09:10 - 00005474 _____ () C:\Users\Administrator\Downloads\eicfg_removal_utility.zip
2014-10-17 09:06 - 2014-10-17 09:06 - 00005474 _____ () C:\Users\Administrator\Downloads\cversion.ini_removal_utility.zip
2014-10-17 00:14 - 2014-10-17 00:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Scansoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 15:24 - 2012-07-26 00:00 - 00942080 ___SH () C:\Users\Administrator\Desktop\Thumbs.db
2014-11-16 15:09 - 2012-08-06 14:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2014-11-16 11:36 - 2013-11-02 21:34 - 01562416 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 11:27 - 2013-03-19 20:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-16 10:47 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 10:47 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 10:46 - 2010-11-21 07:01 - 00785366 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 10:42 - 2014-10-06 23:00 - 00185068 _____ () C:\Windows\setupact.log
2014-11-16 10:42 - 2014-10-06 22:52 - 00002349 _____ () C:\Windows\errord.log
2014-11-16 10:42 - 2011-05-13 18:15 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-11-16 10:42 - 2009-07-14 14:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 10:40 - 2014-02-27 13:45 - 00014801 _____ () C:\Users\Administrator\Desktop\Provisor.txt
2014-11-16 10:19 - 2014-08-29 11:28 - 00000000 ___RD () C:\Users\Administrator\Downloads\Toto-FrancocCiccio
2014-11-16 09:54 - 2014-03-03 17:07 - 00000000 ____D () C:\Windows\Lhsp
2014-11-16 08:51 - 2013-07-19 22:04 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-15 11:06 - 2013-11-03 14:47 - 00141312 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-15 11:03 - 2012-01-20 12:07 - 00000000 ____D () C:\Windows\pss
2014-11-15 10:49 - 2009-07-14 14:33 - 03943296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 10:48 - 2011-04-12 12:24 - 00000000 ____D () C:\Windows\CSC
2014-11-15 00:52 - 2012-05-14 00:14 - 00000000 ____D () C:\Windows\ERDNT
2014-11-14 22:51 - 2014-10-06 22:52 - 00075632 _____ () C:\Windows\PFRO.log
2014-11-14 18:50 - 2013-11-03 12:31 - 00000000 ____D () C:\Program Files\Software Remove Master
2014-11-14 14:39 - 2013-11-03 17:00 - 00007613 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2014-11-14 12:10 - 2009-07-14 12:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-13 10:44 - 2012-01-17 10:50 - 00001009 _____ () C:\Windows\Brpfx04a.ini
2014-11-12 23:18 - 2013-11-20 17:15 - 00000564 _____ () C:\Users\Administrator\Downloads\fg.ini
2014-11-12 23:17 - 2014-01-11 00:56 - 00002952 _____ () C:\Windows\Sandboxie.ini
2014-11-12 23:07 - 2014-10-16 23:10 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-11-12 11:22 - 2012-01-17 10:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-11 18:36 - 2013-08-27 22:24 - 00003079 _____ () C:\Users\Administrator\AppData\Roaming\SAS7_000.DAT
2014-11-11 17:22 - 2013-08-28 21:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-11-10 23:08 - 2014-09-14 09:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-11-10 23:08 - 2014-02-28 10:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-10 23:08 - 2014-02-28 10:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-09 11:35 - 2013-11-02 20:37 - 00000000 ____D () C:\Users\Administrator
2014-11-09 10:39 - 2009-07-14 12:03 - 67371008 _____ () C:\Windows\system32\config\software.bak
2014-11-09 10:39 - 2009-07-14 12:03 - 24379392 _____ () C:\Windows\system32\config\system.bak
2014-11-09 10:39 - 2009-07-14 12:03 - 00786432 _____ () C:\Windows\system32\config\default.bak
2014-11-09 10:39 - 2009-07-14 12:03 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2014-11-09 10:39 - 2009-07-14 12:03 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-11-09 10:38 - 2013-11-02 20:37 - 12845056 _____ () C:\Users\Administrator\ntuser.bak
2014-11-07 01:29 - 2014-03-01 11:06 - 00000000 ____D () C:\Users\Administrator\Downloads\IVONA Voices 2 (1.6.63)
2014-11-06 19:43 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-06 19:07 - 2014-01-25 11:50 - 01509888 ___SH () C:\Users\Administrator\Downloads\Thumbs.db
2014-11-04 12:04 - 2014-09-22 21:26 - 00000000 ____D () C:\Program Files\Free Sound Recorder
2014-11-03 12:34 - 2014-09-22 21:27 - 00000000 ____D () C:\Users\Administrator\Documents\Free Sound Recorder
2014-11-03 08:09 - 2013-11-21 16:37 - 00015682 _____ () C:\Users\Administrator\Downloads\fghelp_en.htm
2014-11-02 16:02 - 2012-07-30 10:34 - 00000056 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_654
2014-11-02 15:58 - 2013-07-19 21:45 - 00000000 ____D () C:\ProgramData\install_clap
2014-10-29 22:03 - 2013-06-24 19:55 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8
2014-10-29 22:02 - 2013-11-13 12:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\gtk-2.0
2014-10-28 13:44 - 2014-03-07 12:58 - 00000000 ____D () C:\Pdfedit
2014-10-28 11:53 - 2014-10-03 13:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Tracker Software
2014-10-28 11:30 - 2013-08-22 12:17 - 00000000 ____D () C:\ProgramData\Nuance
2014-10-28 11:11 - 2013-08-27 10:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nuance
2014-10-27 23:35 - 2014-09-29 18:47 - 00000000 ____D () C:\Users\Administrator\Desktop\Temp Wagener
2014-10-22 09:27 - 2013-11-04 11:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 16:51 - 2014-08-27 15:00 - 00000000 ___RD () C:\Users\Administrator\Downloads\Dual Monitor
2014-10-18 14:09 - 2014-08-27 16:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\GNE
2014-10-17 02:23 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\rescache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 12:42

==================== End Of Log ============================

 

second

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2014 01
Ran by Administrator at 2014-11-16 16:47:56
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 10 (HKLM\...\AU10_is1) (Version: 10 - Innovative Solutions)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.3.0.0 - SlySoft)
Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.9.000 - Asmedia Technology)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AZARDI (HKLM\...\AZARDI_is1) (Version:  - Infogrid Pacific Pte. Ltd.)
Balabolka (HKLM\...\Balabolka) (Version: 2.10.0.575 - Ilya Morozov)
Brother MFL-Pro Suite MFC-790CW (HKLM\...\{D9461574-5FC0-4641-BBDC-D1038B196F55}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Classic Menu for Office Enterprise 2010 and 2013 v5.85 (HKLM\...\{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1) (Version: 5.85 - Addintools)
Contents (Version: 16.0.0.106 - Corel Corporation) Hidden
Corel VideoStudio Ultimate X6 (HKLM\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.0.0.106 - Corel Corporation)
CyberLink PowerDirector 12 (HKLM\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3403.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayFusion 6.0 (HKLM\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 6.0.0.0 - Binary Fortress Software)
Dragon NaturallySpeaking 12 (HKLM\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET NOD32 Antivirus (HKLM\...\{6DCA86D6-F197-41B7-BD33-43E32A15A41E}) (Version: 7.0.302.0 - ESET, spol s r. o.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Free Sound Recorder v9.7.5 (HKLM\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2014 FreeSoundRecorder Technologies, Inc.)
Freeware PDF Unlocker (HKLM\...\{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}) (Version: 1.0.4 - SMTguru)
Garmin Communicator Plugin (HKLM\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
HashCalc 2.02 (HKLM\...\HashCalc_is1) (Version:  - SlavaSoft Inc.)
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
ICA (Version: 16.0.0.106 - Corel Corporation) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IPM_VS_Pro (Version: 16.0 - Corel Corporation) Hidden
ISO Recorder (HKLM\...\{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}) (Version: 3.0.0 - Alex Feinman)
Jasc Paint Shop Pro 9 (HKLM\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
L&H TTS3000 Italiano (HKLM\...\LHTTSITI) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.61.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
MPC-HC 1.7.6 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Nero 12 (HKLM\...\{D529E699-7753-46E7-8B73-C5556EF5B486}) (Version: 12.0.03500 - Nero AG)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
O&O DiskImage Professional (HKLM\...\{2AAD066E-698F-48A1-A7D0-0B5701DCAF2C}) (Version: 7.0.144 - O&O Software GmbH)
OlympusCodecs (HKLM\...\{9599AA83-D20B-45E1-819A-5EFD6AFED2BE}) (Version: 1.0.1 - Olympus)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdfedit (HKLM\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version:  - )
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Sandboxie 4.08 (32-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Setup (Version: 16.0.0.106 - Corel Corporation) Hidden
Share (Version: 16.0.0.106 - Corel Corporation) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Remove Master v5.0.1.3 (HKLM\...\Software Remove Master_is1) (Version:  - CareWindows)
SoulSeek 157 NS 13e (HKLM\...\Soulseek2) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synergy (32-bit) (HKLM\...\{48C4B49D-F876-4969-BF74-319EF3601A35}) (Version: 1.5.1 - The Synergy Project)
The FTW Transcriber version 3.1 (HKLM\...\{D27CDB6E-AE6D-11cf-96B8-444553540000}_is1) (Version: 3.1 - The Tyger Valley Systems, Inc.)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Ultimate Paint 2.88 Freeware Edition (HKLM\...\UP286_is1) (Version: 2.88 - J-T-L Development)
Universal Document Converter Server Edition (HKLM\...\Universal Document Converter_is1) (Version: 5.3 - fCoder Group, Inc.)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VSClassic (Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (Version: 16.0.0.106 - Corel Corporation) Hidden
VSUltimate (Version: 16.0.0.106 - Corel Corporation) Hidden
VT-Bridget-M16-SAPI5 (HKLM\...\{C4367E67-52FE-45C6-889C-F48CE7883CA8}) (Version: 3.11.1.0 - VW)
VT-Julie-M16-SAPI5 (HKLM\...\{C496F7CD-ED09-4D8D-872E-3470D4717714}) (Version:  - )
VT-Kate-M16-SAPI5 (HKLM\...\{9FAD67A7-3A4E-4754-AAC4-0397F370611D}) (Version:  - )
VT-Paul-M16-SAPI5 (HKLM\...\{942DF6BD-E4F2-4915-B4FB-09C02B71284F}) (Version:  - )
Welcome App (Start-up experience) (Version: 12.0.15000 - Nero AG) Hidden
Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows Driver Package - Nokia Modem  (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WordPerfect Office X6 - Common Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (Version: 16.0 -  Corel Corporation) Hidden
WordPerfect Office X6 (HKLM\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.318 - Corel Corporation)
WordPerfect Office X6 (Version: 16.0 - Corel Corporation) Hidden
Youtube Downloader HD v. 2.9.6 (HKLM\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-11-2014 07:36:50 Installed OlympusCodecs
12-11-2014 01:21:45 Removed SmartSound Quicktracks 5
12-11-2014 03:14:36 Removed NVIDIA PhysX
12-11-2014 03:19:13 Removed OlympusCodecs
12-11-2014 08:11:41 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
14-11-2014 08:03:12 Removed OlympusCodecs
14-11-2014 08:25:36 Removed OlympusCodecs
16-11-2014 00:52:47 Removed Java 7 Update 71

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-30 10:34 - 2014-11-15 10:03 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05CA6C9D-7CCC-428E-914C-F01421A85CBE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {08038180-7575-4743-AA20-957747EA1DF7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0A897EC5-DB50-4E03-BBE3-D57A5A794189} - System32\Tasks\{2C3F50B1-D54D-40CA-992C-830EB5627BDF} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {10EF8F74-69C8-4E4F-BA9B-5DD716CE1EB4} - System32\Tasks\{3DCA905C-CBBF-424C-B155-5B0162A152CF} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {178909FA-264A-49EC-8FF2-9C56A9B13A2A} - System32\Tasks\{742B0DA6-B0BA-407B-AD13-2EF45C8B5136} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {19460C60-1E2E-4918-94E0-D512C0E5756F} - System32\Tasks\{61D2098D-AB2E-4155-BBA6-7175DCC19796} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {1D7F019C-D419-49C7-BAA0-A577C33B19D2} - System32\Tasks\{FF074E76-79B5-407D-A341-07E6BACAC239} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {1F4B18E4-27FA-4888-8A92-440059244BC2} - System32\Tasks\{C27BEF35-AF2F-476D-A7BB-2D58CADB4917} => C:\3COM\UPDTMDM\UPDTMDM.EXE [1998-06-06] ()
Task: {215EBB15-4A20-4933-A901-C46A6D3B1991} - System32\Tasks\{97E53D3C-1CE8-43C9-9697-2354A5E7825F} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {28455495-D1FC-4558-B070-A172B5334163} - System32\Tasks\{92123959-9F6E-472B-9509-79B7C22FE5A1} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {2FB16726-0240-4074-A381-4DA5AC038384} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {31CFD816-5E6E-4F8E-B71B-2F6344CDA3D7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3967B16F-08ED-4990-9728-2855AA26C8D3} - System32\Tasks\{C49E02A8-FD5A-45A2-ABA7-BD66E3C3D11D} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {3A82721C-EA39-4C5C-A69A-93943D12BF94} - System32\Tasks\{77975FFD-B173-4AF2-9A64-88D2367B638D} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {3AE87692-B99B-436C-8320-9FC7ABBADC3D} - System32\Tasks\{19747C34-5D7E-4DBB-8F29-E0CA714F7341} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {3EE8C6D0-1AAC-4ADE-A363-A2DC7FC8AA98} - System32\Tasks\{96E49231-874F-45BB-8C30-8177DF641A49} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {4389A372-FC61-40B0-85C6-475415D624A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {456C2A4E-9180-4F04-9560-3E28BB018C68} - System32\Tasks\{70259839-3263-4456-B23D-D5F4D1BE7C16} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {47939221-4A52-4194-B085-AEB2A6C2103D} - System32\Tasks\{5BE0F675-129F-4995-8F06-03EF74B0F692} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {498FCE60-CBFB-49F4-B48A-B54F9194969F} - System32\Tasks\{D09C7287-B757-40E0-9BAB-29FB2DBBA8FE} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {4F43426A-4609-4EAB-A61C-7A5DF5B99125} - System32\Tasks\{858FB472-5CEA-4FBD-9E72-65DEC715A7C5} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {528711F2-1C72-448D-B5EF-37927EADCC31} - System32\Tasks\{F2848B54-0B33-4407-AA89-F92FC745D459} => C:\Program Files\Microsoft Office 2003 MultiLang\Microsoft Office Word 2003.exe
Task: {56410E59-C3B1-40F8-B0FD-674254FBA0E7} - System32\Tasks\{F12BB17B-8534-4DF4-9B6F-3E475FFDE5B8} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {56DBD133-FF99-443B-B8AC-3ECC426B958F} - System32\Tasks\{598A64E4-9B31-4706-8E5E-1DE0A59292E0} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {5ADDB58B-CD32-4C7A-8C67-0F33C2AFEB36} - System32\Tasks\{26F8E065-2C28-4787-8086-ADFEA2845C6F} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\New 13 -10- 13\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable 11 in 1 SP2 MultiLang - The11thMtnDiv.msi"
Task: {5EE847CB-FE75-4CF1-BED6-837AC7159F2D} - System32\Tasks\{8EA4414C-54BF-4BB7-A44E-9BC521BDBF4A} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {67F58E9F-0BE3-4687-A0CB-793072C765CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C2214C5-1FB9-4BF9-AB41-F112C323F6AE} - System32\Tasks\{80F3845C-3C92-4898-A9FF-0B5EE604DF07} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {6F868CB2-B24A-4870-B985-C710DDCDC3DF} - System32\Tasks\{7F916CCC-7C8F-478B-918C-C6D255DF3C96} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {759A20CA-2CC1-463C-AB2B-5F20ECA69237} - System32\Tasks\{B5CEC5F3-64B5-4680-9DBB-B24E00ED9E93} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {7BAEB8C8-16A9-4298-B4B6-FFFF2392075A} - System32\Tasks\{2B5DC53E-0AB1-4FD5-8376-F45831513321} => G:\Programs\A0184583.exe [2005-04-01] ()
Task: {7D614EE3-9D66-423F-88D0-D80F9C23C979} - System32\Tasks\{57E60407-B0FB-4D1B-A1C4-5157608AB94C} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {82BF0377-0F7E-46FD-B45F-93885DF2B269} - System32\Tasks\{D92EDE2F-6ECB-46C4-AF2C-088BB3266C49} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv.msi"
Task: {8958F3FB-5EC7-4C63-A8DE-994597FE8189} - System32\Tasks\{D3D4DB0C-580C-46D9-89E1-68B5B9259E28} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {91D6F716-06D8-4DE8-9FF0-8B38127F071F} - System32\Tasks\{0884BF43-CAEA-4028-8EF9-6A43F9CBAF4B} => C:\Program Files\Microsoft Office 2003 MultiLang\Microsoft Office Word 2003.exe
Task: {955F58A1-9B56-4134-8B00-E6A24D152E65} - System32\Tasks\RMSmartUpdate => C:\Program Files\Registry Mechanic\update.exe
Task: {9A3EED12-48B7-4FDE-89E1-211C2A81374F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9A8DEEF7-5879-417B-8910-817C62E257AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {9ABF9E49-9B3F-404E-ACE9-EFD7E06AAAD1} - System32\Tasks\NCH Software\ExpressSevenDays => C:\Program Files\NCH Software\Express\Express.exe
Task: {AA318FA1-575A-463F-800F-6EC8A9EE1A5B} - System32\Tasks\{72F5C9F6-BF43-44FA-9C9B-1A414EA26E18} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {B238A0AF-4B8B-4A9D-BB66-143A4F70B525} - System32\Tasks\{8821CE3A-A714-4E0B-A8B5-EC7D64AD924C} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {B4CDFFB2-7FA3-4BFC-BA1B-C987763795D5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B56E7DDF-9ADE-44EA-8840-2D695C4A8E60} - System32\Tasks\{43022584-1FB3-433D-9BAE-856426CFDAD2} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {B8F2760C-C46E-4C21-92A2-6557BB1FD4D3} - System32\Tasks\{24586FE0-83FE-4FFF-A59B-8D6F461E0ADB} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\New 13 -10- 13\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable 11 in 1 SP2 MultiLang - The11thMtnDiv.msi"
Task: {CB4AE861-A16A-4CDA-B2C8-24CC42C82E9E} - System32\Tasks\{8D73619E-884E-4B2A-8690-FD2E6744D2B1} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {CC1103FC-DB87-4860-9806-36E7FBAF2877} - System32\Tasks\{2F4F007B-B337-4BAA-8835-96B7597EEF1B} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {CDB8BC96-F444-4126-B8E6-6CA7B495D9F8} - System32\Tasks\{2D8604A9-1DAA-4D11-8018-32C0E45AC2A0} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {D29B7288-C0C9-4911-B299-CF880AC73D80} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D536B505-EAD3-40B0-B781-AE2AE206BB2D} - System32\Tasks\{253E0BCE-68AC-4F7D-93E9-5435C5EE38F9} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {E0776124-DEBD-4C63-8257-342A6D883336} - System32\Tasks\{6A9758CB-785E-439C-9C1B-2238CECA5BF2} => C:\3COM\UPDTMDM\UPDTMDM.EXE [1998-06-06] ()
Task: {E4E34B87-A337-4D5C-A121-49066069A29C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EAFB4792-2E9F-4098-AF9B-6700216F9A04} - System32\Tasks\{37343038-3FED-49FC-A743-8DDDFE16F4F7} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {F929BE73-A7C9-4DD4-AF4D-892ED5933594} - System32\Tasks\{575ED30B-3D7F-46C2-B023-637056BFF346} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {FBCBC6EF-D7CE-4A65-B778-D35411F56594} - System32\Tasks\{4B12E91A-5B39-42C5-B438-D29669D9D6C1} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2013-11-02 20:36 - 2013-01-31 19:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-11-02 15:57 - 2012-08-08 22:36 - 00254552 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-08-21 18:20 - 2014-08-21 18:20 - 00278016 _____ () C:\Program Files\Synergy\synergyd.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-11-08 00:38 - 2012-02-29 00:23 - 00051200 _____ () C:\Program Files\Classic Menu for Office\armaccess.dll
2014-11-11 08:27 - 2014-11-11 08:27 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A5C00DEE
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AJTBBNQOH => 3
MSCONFIG\Services: DXDXHUUIPT => 3
MSCONFIG\Services: ESZIRRKTB => 3
MSCONFIG\Services: GHEXLJESSYJZJFFD => 3
MSCONFIG\Services: GIFNPEGD => 3
MSCONFIG\Services: HNFOEA => 3
MSCONFIG\Services: IPYGNV => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: YBYFGZAO => 3
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: BrMfcWnd =>
MSCONFIG\startupreg: ControlCenter3 =>
MSCONFIG\startupreg: IndexSearch =>
MSCONFIG\startupreg: PaperPort PTD =>
MSCONFIG\startupreg: SSBkgdUpdate =>

========================= Accounts: ==========================

Administrator (S-1-5-21-2411852452-117403543-12125213-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2411852452-117403543-12125213-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2411852452-117403543-12125213-1025 - Limited - Enabled)
test (S-1-5-21-2411852452-117403543-12125213-1023 - Administrator - Enabled) => C:\Users\test
UpdatusUser (S-1-5-21-2411852452-117403543-12125213-1026 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2014 03:08:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0x3edc
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (11/16/2014 03:02:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d37
Faulting process id: 0x3b34
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (11/16/2014 02:45:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0x2868
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (11/16/2014 09:00:23 AM) (Source: CardSpace 3.0.0.0) (EventID: 269) (User: NT AUTHORITY)
Description: The Windows CardSpace service is too busy to process this request.
User has too many outstanding requests.



Additional Information:
   at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)
   at System.Environment.get_StackTrace()
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)
   at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)
   at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)
   at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)
   at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error: (11/15/2014 05:07:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/15/2014 00:45:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/15/2014 10:50:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (11/16/2014 10:43:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hcov

Error: (11/16/2014 10:42:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (11/16/2014 10:21:10 AM) (Source: Disk) (EventID: 15) (User: )
Description: The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error: (11/16/2014 10:21:10 AM) (Source: Disk) (EventID: 15) (User: )
Description: The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error: (11/16/2014 10:21:10 AM) (Source: Disk) (EventID: 15) (User: )
Description: The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error: (11/16/2014 10:21:10 AM) (Source: Disk) (EventID: 15) (User: )
Description: The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error: (11/16/2014 10:21:10 AM) (Source: Disk) (EventID: 15) (User: )
Description: The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error: (11/16/2014 10:21:10 AM) (Source: Disk) (EventID: 15) (User: )
Description: The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error: (11/16/2014 10:21:10 AM) (Source: Disk) (EventID: 15) (User: )
Description: The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error: (11/16/2014 10:21:10 AM) (Source: Disk) (EventID: 15) (User: )
Description: The device, \Device\Harddisk2\DR2, is not ready for access yet.


Microsoft Office Sessions:
=========================
Error: (08/29/2013 01:42:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.1000496960

Error: (07/29/2013 04:20:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 3Microsoft Office PowerPoint12.0.6600.100012.0.6612.100028941320

Error: (05/23/2013 05:51:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.100069484080

Error: (11/07/2012 05:42:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.101423820

Error: (11/05/2012 07:02:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.10142594585760

Error: (07/30/2012 11:03:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6661.500012.0.6612.1000375300

Error: (07/14/2012 04:56:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6661.500012.0.6612.1000690403180

Error: (06/06/2012 10:13:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 1Microsoft Office Excel12.0.6661.500012.0.6612.1000470

Error: (02/02/2012 10:09:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.1014648300


CodeIntegrity Errors:
===================================
  Date: 2014-10-15 04:12:37.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.383
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:09:02.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 46%
Total physical RAM: 3070.49 MB
Available physical RAM: 1655.49 MB
Total Pagefile: 6139.27 MB
Available Pagefile: 4258.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1874.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:168 GB) (Free:52.33 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:130.09 GB) (Free:42.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (1TERA_10GB) (Fixed) (Total:931.51 GB) (Free:375.15 GB) NTFS
Drive g: (320D500GB) (Fixed) (Total:465.76 GB) (Free:216.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: BFBBC8F1)
Partition 1: (Active) - (Size=130.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=168 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 33091F32)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A4FE0168)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

I ran the aswMBR scan. It did not run; see the reports.




#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 16 November 2014 - 09:42 PM

Hi soloio,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Please post the following logs from the scans you ran:
  • TDSSKiller log
  • AdwCleaner log

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#3 soloio

soloio

    Authentic Member

  • 22 posts

Posted 18 November 2014 - 05:07 AM

Hi OCD!

Thank you very much for your help, much appreciated.

Please find the logs attached.

Thank you

 

Hi again OCD!

I posted the files requested, but I posted wrong, I believe.

I have just checked and I cannot see them.

Sorry you have waited for me to post; I waited for your reply.

I am posting again, hope this is right, sorry.

 

 

# AdwCleaner v4.101 - Report created 14/11/2014 at 22:38:08
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Administrator - KHAN
# Running from : C:\Users\Administrator\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software

Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\Users\Administrator\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.1 (x86 en-US)


*************************

AdwCleaner[R20].txt - [1119 octets] - [14/11/2014 22:06:22]
AdwCleaner[S17].txt - [1052 octets] - [14/11/2014 22:38:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S17].txt - [1113 octets] ##########





# AdwCleaner v4.101 - Report created 14/11/2014 at 22:06:22
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Administrator - KHAN
# Running from : C:\Users\Administrator\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\Users\Administrator\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.1 (x86 en-US)


*************************

AdwCleaner[R20].txt - [978 octets] - [14/11/2014 22:06:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R20].txt - [1038 octets] ##########





11:57:22.0979 0x50018  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
11:57:44.0667 0x50018  ============================================================
11:57:44.0667 0x50018  Current date / time: 2014/11/14 11:57:44.0667
11:57:44.0667 0x50018  SystemInfo:
11:57:44.0668 0x50018 
11:57:44.0668 0x50018  OS Version: 6.1.7601 ServicePack: 1.0
11:57:44.0668 0x50018  Product type: Workstation
11:57:44.0668 0x50018  ComputerName: KHAN
11:57:44.0669 0x50018  UserName: Administrator
11:57:44.0669 0x50018  Windows directory: C:\Windows
11:57:44.0669 0x50018  System windows directory: C:\Windows
11:57:44.0669 0x50018  Processor architecture: Intel x86
11:57:44.0669 0x50018  Number of processors: 2
11:57:44.0670 0x50018  Page size: 0x1000
11:57:44.0670 0x50018  Boot type: Normal boot
11:57:44.0670 0x50018  ============================================================
11:57:49.0217 0x50018  KLMD registered as C:\Windows\system32\drivers\02720219.sys
11:57:51.0225 0x50018  System UUID: {E31DA71A-2571-EEB8-42CE-7F70DBAF3E3F}
11:57:53.0543 0x50018  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:57:53.0579 0x50018  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:57:54.0003 0x50018  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:57:54.0150 0x50018  ============================================================
11:57:54.0159 0x50018  \Device\Harddisk0\DR0:
11:57:54.0161 0x50018  MBR partitions:
11:57:54.0161 0x50018  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1042CED6
11:57:54.0172 0x50018  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1042D715, BlocksNum 0x14FFFFAC
11:57:54.0172 0x50018  \Device\Harddisk1\DR1:
11:57:54.0218 0x50018  MBR partitions:
11:57:54.0219 0x50018  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A385FF1
11:57:54.0220 0x50018  \Device\Harddisk2\DR2:
11:57:54.0220 0x50018  MBR partitions:
11:57:54.0220 0x50018  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
11:57:54.0220 0x50018  ============================================================
11:57:54.0291 0x50018  C: <-> \Device\Harddisk0\DR0\Partition2
11:57:54.0356 0x50018  D: <-> \Device\Harddisk0\DR0\Partition1
11:58:16.0140 0x501c0  ============================================================
11:58:16.0162 0x501c0  Scan started
11:58:16.0162 0x501c0  Mode: Manual;
11:58:16.0162 0x501c0  ============================================================
11:58:16.0162 0x501c0  KSN ping started
11:58:30.0179 0x501c0  KSN ping finished: true
11:58:38.0250 0x501c0  ================ Scan system memory ========================
11:58:38.0256 0x501c0  System memory - ok
11:58:38.0256 0x501c0  ================ Scan services =============================
11:58:38.0442 0x501c0  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
11:58:38.0473 0x501c0  1394ohci - ok
11:58:38.0763 0x501c0  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:58:38.0786 0x501c0  ACPI - ok
11:58:38.0829 0x501c0  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:58:38.0860 0x501c0  AcpiPmi - ok
11:58:38.0976 0x501c0  [ 6CD368F2F066DFC507A7477F15B75EB6, 86F253E31CA7DD9C21C160BDCD84FB4CD8B5866C8D135034C0A7582A9E8D00AB ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
11:58:39.0026 0x501c0  AcrSch2Svc - ok
11:58:39.0082 0x501c0  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:58:39.0111 0x501c0  AdobeARMservice - ok
11:58:39.0135 0x501c0  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:58:39.0168 0x501c0  adp94xx - ok
11:58:39.0236 0x501c0  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:58:39.0258 0x501c0  adpahci - ok
11:58:39.0280 0x501c0  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:58:39.0287 0x501c0  adpu320 - ok
11:58:39.0327 0x501c0  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:58:39.0331 0x501c0  AeLookupSvc - ok
11:58:39.0366 0x501c0  [ 53696AD8FFC5FAC51949A525FF65A689, 6233D5407670052A922897B7845DDEE285794613C9F58183D38726FB15B27944 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
11:58:39.0394 0x501c0  afcdp - ok
11:58:39.0568 0x501c0  [ AF44F7E027037628F1FAC3C13CDE73E6, 56A95EBF2241C275FD401487C5F0E86859F8637D8B1BD01B7157EE9BC22B1907 ] afcdpsrv        C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
11:58:39.0721 0x501c0  afcdpsrv - ok
11:58:39.0789 0x501c0  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
11:58:39.0800 0x501c0  AFD - ok
11:58:39.0839 0x501c0  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
11:58:39.0844 0x501c0  agp440 - ok
11:58:39.0862 0x501c0  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
11:58:39.0918 0x501c0  aic78xx - ok
11:58:40.0066 0x501c0  [ 71B8DA260E391A04751221D6394993F1, 16F33CFFD024011A397E1DC1BB830259CBC5EC2CCEC9FEF5BF06FBE785ED7AF0 ] AJTBBNQOH       C:\Users\ADMINI~1\AppData\Local\Temp\AJTBBNQOH.exe
11:58:40.0183 0x501c0  AJTBBNQOH - ok
11:58:40.0250 0x501c0  [ C6397472A8788505FB23C85441837978, 56BE6C55A27F0F48B241BB594C5C7A2A863DDCDA5224497CADF51C2E7617A19F ] aksfridge       C:\Windows\system32\drivers\aksfridge.sys
11:58:40.0269 0x501c0  aksfridge - ok
11:58:40.0328 0x501c0  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
11:58:40.0363 0x501c0  ALG - ok
11:58:40.0400 0x501c0  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:58:40.0419 0x501c0  aliide - ok
11:58:40.0463 0x501c0  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:58:40.0481 0x501c0  amdagp - ok
11:58:40.0488 0x501c0  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
11:58:40.0507 0x501c0  amdide - ok
11:58:40.0528 0x501c0  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:58:40.0532 0x501c0  AmdK8 - ok
11:58:40.0544 0x501c0  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
11:58:40.0548 0x501c0  AmdPPM - ok
11:58:40.0590 0x501c0  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:58:40.0600 0x501c0  amdsata - ok
11:58:40.0619 0x501c0  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:58:40.0626 0x501c0  amdsbs - ok
11:58:40.0640 0x501c0  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:58:40.0644 0x501c0  amdxata - ok
11:58:40.0688 0x501c0  [ 84EE9D37145F394669E6FBE948C7105F, 0026717AD6215685B5122AFD116659D5A6AE1691E1526E59C5DE8548FCD5F4F4 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
11:58:40.0704 0x501c0  AnyDVD - ok
11:58:40.0753 0x501c0  [ E499E422412EF37576092A52648DB2B4, 95E9C11258CAF37060242BA4E1170CEDECF3376CF0A9A1E61D46706D7C7F36F8 ] AppID           C:\Windows\system32\drivers\appid.sys
11:58:40.0757 0x501c0  AppID - ok
11:58:40.0777 0x501c0  [ 89B6FA43B68A373B304DFB8F6776B255, 36ABD9AB89CBC7991DE9B04051B26014982953697862BC46EF8AE4ACC2404128 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:58:40.0795 0x501c0  AppIDSvc - ok
11:58:40.0819 0x501c0  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
11:58:40.0823 0x501c0  Appinfo - ok
11:58:40.0865 0x501c0  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
11:58:40.0905 0x501c0  AppMgmt - ok
11:58:40.0956 0x501c0  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
11:58:40.0963 0x501c0  arc - ok
11:58:41.0007 0x501c0  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:58:41.0012 0x501c0  arcsas - ok
11:58:41.0120 0x501c0  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:58:41.0224 0x501c0  aspnet_state - ok
11:58:41.0257 0x501c0  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:58:41.0260 0x501c0  AsyncMac - ok
11:58:41.0299 0x501c0  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
11:58:41.0302 0x501c0  atapi - ok
11:58:41.0351 0x501c0  [ 9A34927D722AD16841263636A4BF069B, 4A92A84E3E4A8BA9551CFB765D0E6FE50E7CBD5695568FB3A37E1556770A369F ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:58:41.0362 0x501c0  AudioEndpointBuilder - ok
11:58:41.0385 0x501c0  [ 9A34927D722AD16841263636A4BF069B, 4A92A84E3E4A8BA9551CFB765D0E6FE50E7CBD5695568FB3A37E1556770A369F ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:58:41.0398 0x501c0  Audiosrv - ok
11:58:41.0451 0x501c0  [ F798F61B3B5642D7086B96A891B129D2, C780164F630BE05BF9F4D84AAB3912F4247F40D7AE4753121E7B6292F0087AC6 ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
11:58:41.0460 0x501c0  avgtp - ok
11:58:41.0505 0x501c0  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:58:41.0509 0x501c0  AxInstSV - ok
11:58:41.0552 0x501c0  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
11:58:41.0602 0x501c0  b06bdrv - ok
11:58:41.0628 0x501c0  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
11:58:41.0637 0x501c0  b57nd60x - ok
11:58:41.0658 0x501c0  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
11:58:41.0668 0x501c0  BDESVC - ok
11:58:41.0683 0x501c0  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:58:41.0687 0x501c0  Beep - ok
11:58:41.0710 0x501c0  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
11:58:41.0723 0x501c0  BFE - ok
11:58:44.0528 0x501c0  [ 17EA0C9F1A62E9A85837A541BA93CEDF, 01424D7455F94A6114C372C7A3ECE333DFEDE2C683EAEEA8704229F4B80C2B24 ] DXDXHUUIPT      C:\Users\ADMINI~1\AppData\Local\Temp\DXDXHUUIPT.exe
11:58:44.0747 0x501c0  DXDXHUUIPT - ok
11:58:46.0860 0x501c0  [ 17EA0C9F1A62E9A85837A541BA93CEDF, 01424D7455F94A6114C372C7A3ECE333DFEDE2C683EAEEA8704229F4B80C2B24 ] GHEXLJESSYJZJFFD C:\Users\ADMINI~1\AppData\Local\Temp\GHEXLJESSYJZJFFD.exe
11:58:46.0905 0x501c0  GHEXLJESSYJZJFFD - ok
11:58:47.0583 0x501c0  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:58:47.0628 0x501c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: C44E3C2BAB6837DB337DDEE7544736DB, sha256: 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D
11:58:47.0765 0x501c0  hcw85cir - detected LockedFile.Multi.Generic ( 1 )
11:58:50.0560 0x501c0  Detect skipped due to KSN trusted
11:58:50.0561 0x501c0  hcw85cir - ok
11:58:50.0650 0x501c0  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:58:50.0676 0x501c0  HdAudAddService - ok
11:58:50.0751 0x501c0  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
11:58:50.0807 0x501c0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:58:51.0060 0x501c0  \Device\Harddisk0\DR0 - ok
11:58:51.0064 0x501c0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
11:58:51.0204 0x501c0  \Device\Harddisk1\DR1 - ok
11:58:51.0207 0x501c0  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk2\DR2
11:58:51.0257 0x501c0  \Device\Harddisk2\DR2 - ok
11:58:51.0258 0x501c0  ================ Scan VBR ==================================
11:58:51.0261 0x501c0  [ D915043E434CAF064CD1EFFD3E3F4E72 ] \Device\Harddisk0\DR0\Partition1
11:58:51.0262 0x501c0  \Device\Harddisk0\DR0\Partition1 - ok
11:58:51.0265 0x501c0  [ FD8B7FB5CA9AB0071A9B26D46C861B8B ] \Device\Harddisk0\DR0\Partition2
11:58:51.0266 0x501c0  \Device\Harddisk0\DR0\Partition2 - ok
11:58:51.0268 0x501c0  [ 728EFDE5E1098453F7695BA1861F6360 ] \Device\Harddisk1\DR1\Partition1
11:58:51.0270 0x501c0  \Device\Harddisk1\DR1\Partition1 - ok
11:58:51.0273 0x501c0  [ 0A558E201E37B067E45693013CC056DF ] \Device\Harddisk2\DR2\Partition1
11:58:51.0724 0x501c0  \Device\Harddisk2\DR2\Partition1 - ok
11:58:51.0725 0x501c0  ================ Scan generic autorun ======================
11:58:52.0009 0x501c0  [ DE9BA389EB53B8A499FF0C12E8C8ABB4, 2C345965BD824EEB68FD5AC17492D79774666D50B0AF97148F9D0DA1BC540255 ] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
11:58:52.0260 0x501c0  egui - ok
11:58:52.0324 0x501c0  [ 1B82BCF0B8F9228B39F75B0DFA079A21, A71CCCE5F01108F54773E81076411ABC0D4E24CF3492E58561F1D3D7E39BDC87 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
11:58:52.0449 0x501c0  Malwarebytes' Anti-Malware - ok
11:58:52.0542 0x501c0  [ 5983E84038FF6CB55B4BA740C341A54B, 646D1B007AFC9520462F5AB88C253C4D3337DFC362E8498719194589B46BE4CD ] C:\Program Files\Brother\ControlCenter3\brctrcen.exe
11:58:52.0652 0x501c0  ControlCenter3 - ok
11:58:52.0728 0x501c0  [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
11:58:52.0752 0x501c0  SunJavaUpdateSched - ok
11:58:52.0834 0x501c0  [ 56636904DC083363FEEDF93591950CCD, 117A369A2CDD7ED9EE0DF8F195C511230574353ADEADA4AD3B9C4B0A88EB67A1 ] C:\Program Files\Sandboxie\SbieCtrl.exe
11:58:52.0870 0x501c0  SandboxieControl - ok
11:58:53.0068 0x501c0  [ DF4B6036A089AC6FA2B0607C32C6ECFD, 430933C383402152618A80E445D8FF48A13F29B487428A06ABDC78D10F96A163 ] C:\Users\Administrator\Downloads\fg742p.exe
11:58:53.0166 0x501c0  ~rmvtxrr - ok
11:58:53.0172 0x501c0  Waiting for KSN requests completion. In queue: 49
11:58:54.0173 0x501c0  Waiting for KSN requests completion. In queue: 49
11:58:55.0173 0x501c0  Waiting for KSN requests completion. In queue: 49
11:58:56.0818 0x501c0  AV detected via SS2: ESET NOD32 Antivirus 7.0, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 7.0.302.0 ), 0x41010 ( enabled : outofdate )
11:58:56.0922 0x501c0  Win FW state via NFP2: enabled
11:58:59.0914 0x501c0  ============================================================
11:58:59.0926 0x501c0  Scan finished
11:58:59.0926 0x501c0  ============================================================
11:58:59.0934 0x501e4  Detected object count: 0
11:58:59.0935 0x501e4  Actual detected object count: 0
12:00:47.0982 0x502a4  ============================================================
12:00:47.0998 0x502a4  Scan started
12:00:47.0998 0x502a4  Mode: Manual;
12:00:47.0999 0x502a4  ============================================================
12:00:47.0999 0x502a4  KSN ping started
12:01:01.0645 0x502a4  KSN ping finished: true
12:01:03.0165 0x502a4  ================ Scan system memory ========================
12:01:03.0179 0x502a4  System memory - ok
12:01:03.0180 0x502a4  ================ Scan services =============================
12:01:04.0600 0x502a4  [ 71B8DA260E391A04751221D6394993F1, 16F33CFFD024011A397E1DC1BB830259CBC5EC2CCEC9FEF5BF06FBE785ED7AF0 ] AJTBBNQOH       C:\Users\ADMINI~1\AppData\Local\Temp\AJTBBNQOH.exe
12:01:04.0616 0x502a4  AJTBBNQOH - ok
12:01:06.0884 0x502a4  CLFS - ok
12:01:06.0993 0x502a4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:07.0006 0x502a4  clr_optimization_v2.0.50727_32 - ok
12:01:07.0046 0x502a4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:01:07.0068 0x502a4  clr_optimization_v4.0.30319_32 - ok
12:01:07.0091 0x502a4  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:01:07.0094 0x502a4  CmBatt - ok
12:01:07.0129 0x502a4  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:01:07.0132 0x502a4  cmdide - ok
12:01:07.0165 0x502a4  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
12:01:07.0177 0x502a4  CNG - ok
12:01:07.0228 0x502a4  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:01:07.0231 0x502a4  Compbatt - ok
12:01:07.0280 0x502a4  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:01:07.0313 0x502a4  CompositeBus - ok
12:01:07.0330 0x502a4  COMSysApp - ok
12:01:07.0360 0x502a4  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:01:07.0363 0x502a4  crcdisk - ok
12:01:07.0366 0x502a4  Crypkey License - ok
12:01:07.0411 0x502a4  [ 623E143F2DF17C0106A9988F5D7DC878, 9DA30262FF22FA9F1DB247CB3B4A2892D79730EF0ECC9589D399D24B4F58E565 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:01:07.0417 0x502a4  CryptSvc - ok
12:01:07.0481 0x502a4  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
12:01:07.0494 0x502a4  CSC - ok
12:01:07.0556 0x502a4  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
12:01:07.0570 0x502a4  CscService - ok
12:01:07.0608 0x502a4  [ 5E0C1B51629DF668376DEBB70363ED4E, A4F8CC25D57594F69854660A14714364E7975F662F83F001979B481F34402438 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
12:01:07.0612 0x502a4  dc3d - ok
12:01:07.0675 0x502a4  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:01:07.0686 0x502a4  DcomLaunch - ok
12:01:07.0735 0x502a4  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
12:01:07.0743 0x502a4  defragsvc - ok
12:01:07.0752 0x502a4  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:01:07.0756 0x502a4  DfsC - ok
12:01:07.0772 0x502a4  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:01:07.0779 0x502a4  Dhcp - ok
12:01:07.0820 0x502a4  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
12:01:07.0824 0x502a4  discache - ok
12:01:07.0842 0x502a4  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
12:01:07.0846 0x502a4  Disk - ok
12:01:08.0073 0x502a4  [ A62801CE63538686A3D0D35738CC57D9, E271D30D2C66E035EE24D9E69E8A4363470C1BD716C447CB4231F6FB9E0414AD ] DisplayFusionService C:\Program Files\DisplayFusion\DisplayFusionService.exe
12:01:08.0234 0x502a4  DisplayFusionService - ok
12:01:08.0361 0x502a4  [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
12:01:08.0365 0x502a4  dmvsc - ok
12:01:08.0399 0x502a4  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:01:08.0404 0x502a4  Dnscache - ok
12:01:08.0451 0x502a4  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:01:08.0458 0x502a4  dot3svc - ok
12:01:08.0503 0x502a4  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
12:01:08.0509 0x502a4  DPS - ok
12:01:08.0565 0x502a4  [ B5FC9AD4A57CA33C538CE3EB8BEDB1D0, 6F39DA0F6D1068FA1E314CBDF0046879844DA2D745CD159BCF8DA5AC10B75ECC ] DragonSvc       C:\Program Files\Common Files\Nuance\dgnsvc.exe
12:01:08.0584 0x502a4  DragonSvc - ok
12:01:08.0647 0x502a4  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:01:08.0650 0x502a4  drmkaud - ok
12:01:08.0713 0x502a4  [ 17EA0C9F1A62E9A85837A541BA93CEDF, 01424D7455F94A6114C372C7A3ECE333DFEDE2C683EAEEA8704229F4B80C2B24 ] DXDXHUUIPT      C:\Users\ADMINI~1\AppData\Local\Temp\DXDXHUUIPT.exe
12:01:08.0736 0x502a4  DXDXHUUIPT - ok
12:01:08.0811 0x502a4  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:01:08.0830 0x502a4  DXGKrnl - ok
12:01:08.0883 0x502a4  [ CECB58460674339202F79BA1345D8527, 1032E726D64C3432704FE90A7B63A37E854A83389AD3A997C0916628C452F71F ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
12:01:08.0890 0x502a4  eamonm - ok
12:01:08.0934 0x502a4  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
12:01:08.0940 0x502a4  EapHost - ok
12:01:09.0135 0x502a4  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
12:01:09.0237 0x502a4  ebdrv - ok
12:01:09.0292 0x502a4  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
12:01:09.0296 0x502a4  EFS - ok
12:01:09.0330 0x502a4  [ C79916F203E1A2CBBE99F22D6E5D21DA, 84749E7067927AD437D38BEFEA12B40C3E849216F26338F707694918206C4C2A ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
12:01:09.0334 0x502a4  ehdrv - ok
12:01:09.0432 0x502a4  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:01:09.0450 0x502a4  ehRecvr - ok
12:01:09.0488 0x502a4  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
12:01:09.0493 0x502a4  ehSched - ok
12:01:09.0576 0x502a4  [ 4CB575D97653FA91FFB02DA3105EB084, 59FB4D2485EEDBCC56D92C1F5DF3FEAE67D751F3AD7AEA7590F3C73107C829E8 ] ekrn            C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
12:01:09.0659 0x502a4  ekrn - ok
12:01:09.0715 0x502a4  [ B83BDCCBACB65BAA9E20888DD0083A16, A38B29C768DF9153E704C92A410663A8CFFB29BDB5E6622881DEB7FFFEF0CB38 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
12:01:09.0718 0x502a4  ElbyCDIO - ok
12:01:09.0776 0x502a4  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:01:09.0788 0x502a4  elxstor - ok
12:01:09.0887 0x502a4  [ FBF7A9D02B76AE2D2891BA5B2116DB22, FABABCE4130EC2DB8E8F3F666BC22E651382FEAC5A8F58B4A15F8C2D0807855F ] epfwwfpr        C:\Windows\system32\DRIVERS\epfwwfpr.sys
12:01:09.0892 0x502a4  epfwwfpr - ok
12:01:09.0901 0x502a4  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:01:09.0904 0x502a4  ErrDev - ok
12:01:09.0957 0x502a4  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
12:01:09.0967 0x502a4  EventSystem - ok
12:01:10.0012 0x502a4  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:01:10.0018 0x502a4  exfat - ok
12:01:10.0064 0x502a4  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:01:10.0070 0x502a4  fastfat - ok
12:01:10.0104 0x502a4  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
12:01:10.0119 0x502a4  Fax - ok
12:01:10.0159 0x502a4  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:01:10.0162 0x502a4  fdc - ok
12:01:10.0176 0x502a4  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
12:01:10.0180 0x502a4  fdPHost - ok
12:01:10.0195 0x502a4  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:01:10.0198 0x502a4  FDResPub - ok
12:01:10.0209 0x502a4  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:01:10.0213 0x502a4  FileInfo - ok
12:01:10.0222 0x502a4  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:01:10.0225 0x502a4  Filetrace - ok
12:01:10.0238 0x502a4  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:01:10.0241 0x502a4  flpydisk - ok
12:01:10.0260 0x502a4  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:01:10.0268 0x502a4  FltMgr - ok
12:01:10.0319 0x502a4  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
12:01:10.0341 0x502a4  FontCache - ok
12:01:10.0446 0x502a4  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:01:10.0459 0x502a4  FontCache3.0.0.0 - ok
12:01:10.0531 0x502a4  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:01:10.0534 0x502a4  FsDepends - ok
12:01:10.0568 0x502a4  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:01:10.0571 0x502a4  Fs_Rec - ok
12:01:10.0615 0x502a4  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:01:10.0622 0x502a4  fvevol - ok
12:01:10.0674 0x502a4  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:01:10.0678 0x502a4  gagp30kx - ok
12:01:10.0805 0x502a4  [ 17EA0C9F1A62E9A85837A541BA93CEDF, 01424D7455F94A6114C372C7A3ECE333DFEDE2C683EAEEA8704229F4B80C2B24 ] GHEXLJESSYJZJFFD C:\Users\ADMINI~1\AppData\Local\Temp\GHEXLJESSYJZJFFD.exe
12:01:10.0859 0x502a4  GHEXLJESSYJZJFFD - ok
12:01:10.0933 0x502a4  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:01:10.0948 0x502a4  gpsvc - ok
12:01:11.0018 0x502a4  [ 3D6F9920F74FF2BD81EBAAAA7247969C, 9ED4B71A11E40848C229B250222CDA89FFC2FE406218AB762BC692798382B6AE ] hardlock        C:\Windows\system32\drivers\hardlock.sys
12:01:11.0033 0x502a4  hardlock - ok
12:01:11.0054 0x502a4  hasplms - ok
12:01:11.0060 0x502a4  hcov - ok
12:01:11.0099 0x502a4  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:01:11.0102 0x502a4  hcw85cir - ok
12:01:11.0126 0x502a4  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:01:11.0135 0x502a4  HdAudAddService - ok
12:01:11.0156 0x502a4  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:01:11.0172 0x502a4  HDAudBus - ok
12:01:11.0188 0x502a4  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:01:11.0191 0x502a4  HidBatt - ok
12:01:11.0206 0x502a4  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:01:11.0224 0x502a4  HidBth - ok
12:01:11.0239 0x502a4  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:01:11.0243 0x502a4  HidIr - ok
12:01:11.0288 0x502a4  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
12:01:11.0292 0x502a4  hidserv - ok
12:01:11.0333 0x502a4  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:01:11.0346 0x502a4  HidUsb - ok
12:01:11.0370 0x502a4  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:01:11.0405 0x502a4  hkmsvc - ok
12:01:11.0427 0x502a4  [ E6D22930B3CF9827447CA52973C0A4A8, 0AB5857D48A092D3238B7276D7E283C657E9D90CED8318E3C2F8D73532E1A6E5 ] HNFOEA          C:\Users\ADMINI~1\AppData\Local\Temp\HNFOEA.exe
12:01:11.0475 0x502a4  HNFOEA - ok
12:01:11.0525 0x502a4  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:01:11.0534 0x502a4  HomeGroupListener - ok
12:01:11.0580 0x502a4  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:01:11.0588 0x502a4  HomeGroupProvider - ok
12:01:11.0621 0x502a4  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:01:11.0626 0x502a4  HpSAMD - ok
12:01:11.0652 0x502a4  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:01:11.0666 0x502a4  HTTP - ok
12:01:11.0676 0x502a4  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:01:11.0680 0x502a4  hwpolicy - ok
12:01:11.0693 0x502a4  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:01:11.0697 0x502a4  i8042prt - ok
12:01:11.0738 0x502a4  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:01:11.0748 0x502a4  iaStorV - ok
12:01:11.0833 0x502a4  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:01:11.0926 0x502a4  IDriverT - ok
12:01:12.0161 0x502a4  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:01:12.0303 0x502a4  idsvc - ok
12:01:12.0535 0x502a4  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
12:01:12.0545 0x502a4  [ Global ] - ok
12:01:12.0545 0x502a4  ================ Scan MBR ==================================
12:01:12.0566 0x502a4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:01:12.0852 0x502a4  \Device\Harddisk0\DR0 - ok
12:01:12.0874 0x502a4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:01:13.0059 0x502a4  \Device\Harddisk1\DR1 - ok
12:01:13.0062 0x502a4  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk2\DR2
12:01:13.0111 0x502a4  \Device\Harddisk2\DR2 - ok
12:01:13.0112 0x502a4  ================ Scan VBR ==================================
12:01:13.0131 0x502a4  [ D915043E434CAF064CD1EFFD3E3F4E72 ] \Device\Harddisk0\DR0\Partition1
12:01:13.0133 0x502a4  \Device\Harddisk0\DR0\Partition1 - ok
12:01:13.0136 0x502a4  [ FD8B7FB5CA9AB0071A9B26D46C861B8B ] \Device\Harddisk0\DR0\Partition2
12:01:13.0137 0x502a4  \Device\Harddisk0\DR0\Partition2 - ok
12:01:13.0140 0x502a4  [ 728EFDE5E1098453F7695BA1861F6360 ] \Device\Harddisk1\DR1\Partition1
12:01:13.0141 0x502a4  \Device\Harddisk1\DR1\Partition1 - ok
12:01:13.0144 0x502a4  [ 0A558E201E37B067E45693013CC056DF ] \Device\Harddisk2\DR2\Partition1
12:01:13.0145 0x502a4  \Device\Harddisk2\DR2\Partition1 - ok
12:01:13.0146 0x502a4  ================ Scan generic autorun ======================
12:01:13.0557 0x502a4  [ DE9BA389EB53B8A499FF0C12E8C8ABB4, 2C345965BD824EEB68FD5AC17492D79774666D50B0AF97148F9D0DA1BC540255 ] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
12:01:13.0810 0x502a4  egui - ok
12:01:13.0891 0x502a4  [ 1B82BCF0B8F9228B39F75B0DFA079A21, A71CCCE5F01108F54773E81076411ABC0D4E24CF3492E58561F1D3D7E39BDC87 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
12:01:13.0904 0x502a4  Malwarebytes' Anti-Malware - ok
12:01:13.0959 0x502a4  [ 5983E84038FF6CB55B4BA740C341A54B, 646D1B007AFC9520462F5AB88C253C4D3337DFC362E8498719194589B46BE4CD ] C:\Program Files\Brother\ControlCenter3\brctrcen.exe
12:01:13.0965 0x502a4  ControlCenter3 - ok
12:01:14.0020 0x502a4  [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
12:01:14.0036 0x502a4  SunJavaUpdateSched - ok
12:01:14.0118 0x502a4  [ 56636904DC083363FEEDF93591950CCD, 117A369A2CDD7ED9EE0DF8F195C511230574353ADEADA4AD3B9C4B0A88EB67A1 ] C:\Program Files\Sandboxie\SbieCtrl.exe
12:01:14.0134 0x502a4  SandboxieControl - ok
12:01:14.0287 0x502a4  [ DF4B6036A089AC6FA2B0607C32C6ECFD, 430933C383402152618A80E445D8FF48A13F29B487428A06ABDC78D10F96A163 ] C:\Users\Administrator\Downloads\fg742p.exe
12:01:14.0383 0x502a4  ~rmvtxrr - ok
12:01:14.0389 0x502a4  Waiting for KSN requests completion. In queue: 17
12:01:15.0390 0x502a4  Waiting for KSN requests completion. In queue: 17
12:01:16.0390 0x502a4  Waiting for KSN requests completion. In queue: 17
12:01:17.0436 0x502a4  AV detected via SS2: ESET NOD32 Antivirus 7.0, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 7.0.302.0 ), 0x41010 ( enabled : outofdate )
12:01:17.0440 0x502a4  Win FW state via NFP2: enabled
12:01:20.0311 0x502a4  ============================================================
12:01:20.0311 0x502a4  Scan finished
12:01:20.0311 0x502a4  ============================================================
12:01:20.0322 0x507a8  Detected object count: 0
12:01:20.0322 0x507a8  Actual detected object count: 0
12:06:48.0907 0x502c8  Deinitialize success

 



#4 OCD

Posted 18 November 2014 - 09:11 AM

Hi soloio,
 

Next morning with the internet connection off shortly after starting on the document a series of message box appeared:

What were the messages that were displayed?

=========================

This line from the AdwCleaner log shows you have run this tool 20 times. Can you tell if this is accurate, and have you made all these scans in connection with these current issues?
AdwCleaner[R20].txt - [1119 octets] - [14/11/2014 22:06:22]

=========================

What firewall do you currently have installed and running on this computer?

=========================

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

Malwarebytes Anti-Rootkit

  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

  • On the introduction screen, please click on the Next button to continue.

  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.

  • When the update has finished, click on the Next button.

  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.

  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on the Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

  • checkup.txt
  • MBAR log
  • new FRST.txt
  • Answers to my questions.

OCD


#5 soloio


Posted 18 November 2014 - 08:37 PM

Malwarebytes
program files are missing or corrupt Please reinstall
PROGRAM_ERROR_LOAD_DATABASE (0, -3, SDKCreate)

C:\Users\ADMINI~1\AppData\Local\Temp\_DFkckK0.exe.part could not be saved, because an unknown error occurred.

Try saving to a different location.


Java Virtual Machine Launcher
A Java Exception has occurred


Microsoft Word
There is a serious disk error on file ~WRD3111.

Microsoft Word
There is a serious disk error on file ~WRD1272.

Microsoft Word
There is a serious disk error on file ~WRD1259.

ESET undocumented error 1106


C:\Users\ADMINI~1\AppData\Local\Temp\1um7gzU1.exe.part could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.


SQLite 3.dll can't be loaded (1)


SBIE2101 [C000009A / 99]
SBIE2314 Canceling process msert.exe
SBIE2314 Canceling process msert.exe
SBIE2314 Canceling process msert.exe
SBIE2314 Canceling process msert.exe
SBIE2314 Canceling process msert.exe



 

 

HI! OCD

As for AdwCleaner, I have used it a few times; I do not think that many times.

As for the firewall, I believe it is ESET NOD 32; I could not see/find which program.

Windows Firewall is on

 

Above are some of the messages that appeared before posting for help

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2014
Ran by Administrator at 2014-11-19 12:08:47
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2411852452-117403543-12125213-500\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Acronis True Image Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 10 (HKLM\...\AU10_is1) (Version: 10 - Innovative Solutions)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.3.0.0 - SlySoft)
Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.9.000 - Asmedia Technology)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AZARDI (HKLM\...\AZARDI_is1) (Version:  - Infogrid Pacific Pte. Ltd.)
Balabolka (HKLM\...\Balabolka) (Version: 2.10.0.575 - Ilya Morozov)
Brother MFL-Pro Suite MFC-790CW (HKLM\...\{D9461574-5FC0-4641-BBDC-D1038B196F55}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Classic Menu for Office Enterprise 2010 and 2013 v5.85 (HKLM\...\{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1) (Version: 5.85 - Addintools)
Contents (Version: 16.0.0.106 - Corel Corporation) Hidden
Corel VideoStudio Ultimate X6 (HKLM\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.0.0.106 - Corel Corporation)
CyberLink PowerDirector 12 (HKLM\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3403.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayFusion 6.0 (HKLM\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 6.0.0.0 - Binary Fortress Software)
Dragon NaturallySpeaking 12 (HKLM\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET NOD32 Antivirus (HKLM\...\{6DCA86D6-F197-41B7-BD33-43E32A15A41E}) (Version: 7.0.302.0 - ESET, spol s r. o.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Free Sound Recorder v9.7.5 (HKLM\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2014 FreeSoundRecorder Technologies, Inc.)
Freeware PDF Unlocker (HKLM\...\{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}) (Version: 1.0.4 - SMTguru)
Garmin Communicator Plugin (HKLM\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
HashCalc 2.02 (HKLM\...\HashCalc_is1) (Version:  - SlavaSoft Inc.)
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
ICA (Version: 16.0.0.106 - Corel Corporation) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IPM_VS_Pro (Version: 16.0 - Corel Corporation) Hidden
ISO Recorder (HKLM\...\{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}) (Version: 3.0.0 - Alex Feinman)
Jasc Paint Shop Pro 9 (HKLM\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
L&H TTS3000 Italiano (HKLM\...\LHTTSITI) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.61.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
MPC-HC 1.7.6 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Nero 12 (HKLM\...\{D529E699-7753-46E7-8B73-C5556EF5B486}) (Version: 12.0.03500 - Nero AG)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
O&O DiskImage Professional (HKLM\...\{2AAD066E-698F-48A1-A7D0-0B5701DCAF2C}) (Version: 7.0.144 - O&O Software GmbH)
OlympusCodecs (HKLM\...\{9599AA83-D20B-45E1-819A-5EFD6AFED2BE}) (Version: 1.0.1 - Olympus)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdfedit (HKLM\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version:  - )
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Sandboxie 4.08 (32-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Setup (Version: 16.0.0.106 - Corel Corporation) Hidden
Share (Version: 16.0.0.106 - Corel Corporation) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Remove Master v5.0.1.3 (HKLM\...\Software Remove Master_is1) (Version:  - CareWindows)
SoulSeek 157 NS 13e (HKLM\...\Soulseek2) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synergy (32-bit) (HKLM\...\{48C4B49D-F876-4969-BF74-319EF3601A35}) (Version: 1.5.1 - The Synergy Project)
The FTW Transcriber version 3.1 (HKLM\...\{D27CDB6E-AE6D-11cf-96B8-444553540000}_is1) (Version: 3.1 - The Tyger Valley Systems, Inc.)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Ultimate Paint 2.88 Freeware Edition (HKLM\...\UP286_is1) (Version: 2.88 - J-T-L Development)
Universal Document Converter Server Edition (HKLM\...\Universal Document Converter_is1) (Version: 5.3 - fCoder Group, Inc.)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VSClassic (Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (Version: 16.0.0.106 - Corel Corporation) Hidden
VSUltimate (Version: 16.0.0.106 - Corel Corporation) Hidden
VT-Bridget-M16-SAPI5 (HKLM\...\{C4367E67-52FE-45C6-889C-F48CE7883CA8}) (Version: 3.11.1.0 - VW)
VT-Julie-M16-SAPI5 (HKLM\...\{C496F7CD-ED09-4D8D-872E-3470D4717714}) (Version:  - )
VT-Kate-M16-SAPI5 (HKLM\...\{9FAD67A7-3A4E-4754-AAC4-0397F370611D}) (Version:  - )
VT-Paul-M16-SAPI5 (HKLM\...\{942DF6BD-E4F2-4915-B4FB-09C02B71284F}) (Version:  - )
Welcome App (Start-up experience) (Version: 12.0.15000 - Nero AG) Hidden
Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows Driver Package - Nokia Modem  (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WordPerfect Office X6 - Common Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (Version: 16.0 -  Corel Corporation) Hidden
WordPerfect Office X6 (HKLM\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.318 - Corel Corporation)
WordPerfect Office X6 (Version: 16.0 - Corel Corporation) Hidden
Youtube Downloader HD v. 2.9.6 (HKLM\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-11-2014 07:36:50 Installed OlympusCodecs
12-11-2014 01:21:45 Removed SmartSound Quicktracks 5
12-11-2014 03:14:36 Removed NVIDIA PhysX
12-11-2014 03:19:13 Removed OlympusCodecs
12-11-2014 08:11:41 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
14-11-2014 08:03:12 Removed OlympusCodecs
14-11-2014 08:25:36 Removed OlympusCodecs
16-11-2014 00:52:47 Removed Java 7 Update 71
19-11-2014 01:45:05 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-30 10:34 - 2014-11-15 10:03 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05CA6C9D-7CCC-428E-914C-F01421A85CBE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {08038180-7575-4743-AA20-957747EA1DF7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0A897EC5-DB50-4E03-BBE3-D57A5A794189} - System32\Tasks\{2C3F50B1-D54D-40CA-992C-830EB5627BDF} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {10EF8F74-69C8-4E4F-BA9B-5DD716CE1EB4} - System32\Tasks\{3DCA905C-CBBF-424C-B155-5B0162A152CF} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {178909FA-264A-49EC-8FF2-9C56A9B13A2A} - System32\Tasks\{742B0DA6-B0BA-407B-AD13-2EF45C8B5136} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {19460C60-1E2E-4918-94E0-D512C0E5756F} - System32\Tasks\{61D2098D-AB2E-4155-BBA6-7175DCC19796} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {1BF0892A-A768-4CE9-8296-BD0AF0E558DC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1D7F019C-D419-49C7-BAA0-A577C33B19D2} - System32\Tasks\{FF074E76-79B5-407D-A341-07E6BACAC239} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {1F4B18E4-27FA-4888-8A92-440059244BC2} - System32\Tasks\{C27BEF35-AF2F-476D-A7BB-2D58CADB4917} => C:\3COM\UPDTMDM\UPDTMDM.EXE [1998-06-06] ()
Task: {215EBB15-4A20-4933-A901-C46A6D3B1991} - System32\Tasks\{97E53D3C-1CE8-43C9-9697-2354A5E7825F} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {28455495-D1FC-4558-B070-A172B5334163} - System32\Tasks\{92123959-9F6E-472B-9509-79B7C22FE5A1} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {2FB16726-0240-4074-A381-4DA5AC038384} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {31CFD816-5E6E-4F8E-B71B-2F6344CDA3D7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3967B16F-08ED-4990-9728-2855AA26C8D3} - System32\Tasks\{C49E02A8-FD5A-45A2-ABA7-BD66E3C3D11D} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {3A82721C-EA39-4C5C-A69A-93943D12BF94} - System32\Tasks\{77975FFD-B173-4AF2-9A64-88D2367B638D} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {3AE87692-B99B-436C-8320-9FC7ABBADC3D} - System32\Tasks\{19747C34-5D7E-4DBB-8F29-E0CA714F7341} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {3EE8C6D0-1AAC-4ADE-A363-A2DC7FC8AA98} - System32\Tasks\{96E49231-874F-45BB-8C30-8177DF641A49} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {4389A372-FC61-40B0-85C6-475415D624A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {456C2A4E-9180-4F04-9560-3E28BB018C68} - System32\Tasks\{70259839-3263-4456-B23D-D5F4D1BE7C16} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {47939221-4A52-4194-B085-AEB2A6C2103D} - System32\Tasks\{5BE0F675-129F-4995-8F06-03EF74B0F692} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {498FCE60-CBFB-49F4-B48A-B54F9194969F} - System32\Tasks\{D09C7287-B757-40E0-9BAB-29FB2DBBA8FE} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {4F43426A-4609-4EAB-A61C-7A5DF5B99125} - System32\Tasks\{858FB472-5CEA-4FBD-9E72-65DEC715A7C5} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {528711F2-1C72-448D-B5EF-37927EADCC31} - System32\Tasks\{F2848B54-0B33-4407-AA89-F92FC745D459} => C:\Program Files\Microsoft Office 2003 MultiLang\Microsoft Office Word 2003.exe
Task: {56410E59-C3B1-40F8-B0FD-674254FBA0E7} - System32\Tasks\{F12BB17B-8534-4DF4-9B6F-3E475FFDE5B8} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {56DBD133-FF99-443B-B8AC-3ECC426B958F} - System32\Tasks\{598A64E4-9B31-4706-8E5E-1DE0A59292E0} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {5ADDB58B-CD32-4C7A-8C67-0F33C2AFEB36} - System32\Tasks\{26F8E065-2C28-4787-8086-ADFEA2845C6F} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\New 13 -10- 13\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable 11 in 1 SP2 MultiLang - The11thMtnDiv.msi"
Task: {5EE847CB-FE75-4CF1-BED6-837AC7159F2D} - System32\Tasks\{8EA4414C-54BF-4BB7-A44E-9BC521BDBF4A} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {67F58E9F-0BE3-4687-A0CB-793072C765CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C2214C5-1FB9-4BF9-AB41-F112C323F6AE} - System32\Tasks\{80F3845C-3C92-4898-A9FF-0B5EE604DF07} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {6F868CB2-B24A-4870-B985-C710DDCDC3DF} - System32\Tasks\{7F916CCC-7C8F-478B-918C-C6D255DF3C96} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {759A20CA-2CC1-463C-AB2B-5F20ECA69237} - System32\Tasks\{B5CEC5F3-64B5-4680-9DBB-B24E00ED9E93} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {7BAEB8C8-16A9-4298-B4B6-FFFF2392075A} - System32\Tasks\{2B5DC53E-0AB1-4FD5-8376-F45831513321} => G:\Programs\A0184583.exe [2005-04-01] ()
Task: {7D614EE3-9D66-423F-88D0-D80F9C23C979} - System32\Tasks\{57E60407-B0FB-4D1B-A1C4-5157608AB94C} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {82BF0377-0F7E-46FD-B45F-93885DF2B269} - System32\Tasks\{D92EDE2F-6ECB-46C4-AF2C-088BB3266C49} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv.msi"
Task: {8958F3FB-5EC7-4C63-A8DE-994597FE8189} - System32\Tasks\{D3D4DB0C-580C-46D9-89E1-68B5B9259E28} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {91D6F716-06D8-4DE8-9FF0-8B38127F071F} - System32\Tasks\{0884BF43-CAEA-4028-8EF9-6A43F9CBAF4B} => C:\Program Files\Microsoft Office 2003 MultiLang\Microsoft Office Word 2003.exe
Task: {955F58A1-9B56-4134-8B00-E6A24D152E65} - System32\Tasks\RMSmartUpdate => C:\Program Files\Registry Mechanic\update.exe
Task: {9A3EED12-48B7-4FDE-89E1-211C2A81374F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9A8DEEF7-5879-417B-8910-817C62E257AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {9ABF9E49-9B3F-404E-ACE9-EFD7E06AAAD1} - System32\Tasks\NCH Software\ExpressSevenDays => C:\Program Files\NCH Software\Express\Express.exe
Task: {AA318FA1-575A-463F-800F-6EC8A9EE1A5B} - System32\Tasks\{72F5C9F6-BF43-44FA-9C9B-1A414EA26E18} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {B238A0AF-4B8B-4A9D-BB66-143A4F70B525} - System32\Tasks\{8821CE3A-A714-4E0B-A8B5-EC7D64AD924C} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {B4CDFFB2-7FA3-4BFC-BA1B-C987763795D5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B56E7DDF-9ADE-44EA-8840-2D695C4A8E60} - System32\Tasks\{43022584-1FB3-433D-9BAE-856426CFDAD2} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {B8F2760C-C46E-4C21-92A2-6557BB1FD4D3} - System32\Tasks\{24586FE0-83FE-4FFF-A59B-8D6F461E0ADB} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\New 13 -10- 13\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable 11 in 1 SP2 MultiLang - The11thMtnDiv.msi"
Task: {CB4AE861-A16A-4CDA-B2C8-24CC42C82E9E} - System32\Tasks\{8D73619E-884E-4B2A-8690-FD2E6744D2B1} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {CC1103FC-DB87-4860-9806-36E7FBAF2877} - System32\Tasks\{2F4F007B-B337-4BAA-8835-96B7597EEF1B} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {CDB8BC96-F444-4126-B8E6-6CA7B495D9F8} - System32\Tasks\{2D8604A9-1DAA-4D11-8018-32C0E45AC2A0} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {D29B7288-C0C9-4911-B299-CF880AC73D80} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D41851D3-61ED-48E6-A243-9D9E3328A3BE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KHAN-Administrator Khan => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {D536B505-EAD3-40B0-B781-AE2AE206BB2D} - System32\Tasks\{253E0BCE-68AC-4F7D-93E9-5435C5EE38F9} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {E0776124-DEBD-4C63-8257-342A6D883336} - System32\Tasks\{6A9758CB-785E-439C-9C1B-2238CECA5BF2} => C:\3COM\UPDTMDM\UPDTMDM.EXE [1998-06-06] ()
Task: {E4E34B87-A337-4D5C-A121-49066069A29C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EAFB4792-2E9F-4098-AF9B-6700216F9A04} - System32\Tasks\{37343038-3FED-49FC-A743-8DDDFE16F4F7} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {F929BE73-A7C9-4DD4-AF4D-892ED5933594} - System32\Tasks\{575ED30B-3D7F-46C2-B023-637056BFF346} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {FBCBC6EF-D7CE-4A65-B778-D35411F56594} - System32\Tasks\{4B12E91A-5B39-42C5-B438-D29669D9D6C1} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2013-11-02 20:36 - 2013-01-31 19:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-11-02 15:57 - 2012-08-08 22:36 - 00254552 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-08-21 18:20 - 2014-08-21 18:20 - 00278016 _____ () C:\Program Files\Synergy\synergyd.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-11-11 08:27 - 2014-11-11 08:27 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-18 01:45 - 2014-11-18 01:45 - 16840880 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A5C00DEE
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AJTBBNQOH => 3
MSCONFIG\Services: DXDXHUUIPT => 3
MSCONFIG\Services: ESZIRRKTB => 3
MSCONFIG\Services: GHEXLJESSYJZJFFD => 3
MSCONFIG\Services: GIFNPEGD => 3
MSCONFIG\Services: HNFOEA => 3
MSCONFIG\Services: IPYGNV => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: YBYFGZAO => 3
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: BrMfcWnd =>
MSCONFIG\startupreg: ControlCenter3 =>
MSCONFIG\startupreg: IndexSearch =>
MSCONFIG\startupreg: PaperPort PTD =>
MSCONFIG\startupreg: SSBkgdUpdate =>

========================= Accounts: ==========================

Administrator (S-1-5-21-2411852452-117403543-12125213-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2411852452-117403543-12125213-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2411852452-117403543-12125213-1025 - Limited - Enabled)
test (S-1-5-21-2411852452-117403543-12125213-1023 - Administrator - Enabled) => C:\Users\test
UpdatusUser (S-1-5-21-2411852452-117403543-12125213-1026 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2014 09:07:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14fe8

Start Time: 01d003802222269f

Termination Time: 109

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (11/18/2014 07:01:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b4ec

Start Time: 01d0030a956f120d

Termination Time: 134

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (11/18/2014 00:41:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2014 11:29:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2014 03:06:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/17/2014 02:31:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/17/2014 00:14:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/16/2014 03:08:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0x3edc
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (11/16/2014 03:02:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d37
Faulting process id: 0x3b34
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (11/16/2014 02:45:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0x2868
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3


System errors:
=============
Error: (11/19/2014 11:54:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hcov

Error: (11/19/2014 11:54:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (11/18/2014 01:43:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hcov

Error: (11/18/2014 01:43:43 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (11/18/2014 01:43:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (11/18/2014 01:42:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:40:19 AM on ‎11/‎18/‎2014 was unexpected.

Error: (11/16/2014 10:43:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hcov

Error: (11/16/2014 10:42:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (11/16/2014 10:21:10 AM) (Source: Disk) (EventID: 15) (User: )
Description: The device, \Device\Harddisk2\DR2, is not ready for access yet.

Error: (11/16/2014 10:21:10 AM) (Source: Disk) (EventID: 15) (User: )
Description: The device, \Device\Harddisk2\DR2, is not ready for access yet.


Microsoft Office Sessions:
=========================
Error: (08/29/2013 01:42:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.1000496960

Error: (07/29/2013 04:20:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 3Microsoft Office PowerPoint12.0.6600.100012.0.6612.100028941320

Error: (05/23/2013 05:51:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.100069484080

Error: (11/07/2012 05:42:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.101423820

Error: (11/05/2012 07:02:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.10142594585760

Error: (07/30/2012 11:03:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6661.500012.0.6612.1000375300

Error: (07/14/2012 04:56:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6661.500012.0.6612.1000690403180

Error: (06/06/2012 10:13:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 1Microsoft Office Excel12.0.6661.500012.0.6612.1000470

Error: (02/02/2012 10:09:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.1014648300


CodeIntegrity Errors:
===================================
  Date: 2014-10-15 04:12:37.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.383
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:09:02.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 39%
Total physical RAM: 3070.49 MB
Available physical RAM: 1855.84 MB
Total Pagefile: 6139.27 MB
Available Pagefile: 4595.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:168 GB) (Free:49.55 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:130.09 GB) (Free:42.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (1TERA_10GB) (Fixed) (Total:931.51 GB) (Free:374.97 GB) NTFS
Drive g: (320D500GB) (Fixed) (Total:465.76 GB) (Free:216.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: BFBBC8F1)
Partition 1: (Active) - (Size=130.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=168 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 33091F32)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A4FE0168)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2014
Ran by Administrator (administrator) on KHAN on 19-11-2014 12:07:56
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionService.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Synergy\synergyd.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [~rmvtxrr] => C:\Users\Administrator\Downloads\fg742p.exe [2115360 2013-11-20] (Dynamic Internet Technology, Inc.)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2014-01-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [19049112 2014-07-27] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\OO Software\DiskImage\oodishi.dll (O&O Software GmbH)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4D837ED443E9CF01
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2411852452-117403543-12125213-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\960azfpj.default-1415280631391
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin: nuance.com/DragonRIAPlugin -> C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-01-25]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [804528 2011-02-01] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-11-16] (Acronis)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 DisplayFusionService; C:\Program Files\DisplayFusion\DisplayFusionService.exe [5179760 2014-06-18] (Binary Fortress Software)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [310232 2012-07-18] (Nuance Communications, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
S4 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S3 Olympus DVR Service; C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2013-10-03] (OLYMPUS IMAGING CORP.) [File not signed]
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4772144 2013-02-21] (O&O Software GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [131272 2014-01-18] (Sandboxie Holdings, LLC)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [278016 2014-08-21] () [File not signed]
S4 AJTBBNQOH; C:\Users\ADMINI~1\AppData\Local\Temp\AJTBBNQOH.exe [X]
S4 DXDXHUUIPT; C:\Users\ADMINI~1\AppData\Local\Temp\DXDXHUUIPT.exe [X]
S4 ESZIRRKTB; C:\Users\ADMINI~1\AppData\Local\Temp\ESZIRRKTB.exe [X]
S4 GHEXLJESSYJZJFFD; C:\Users\ADMINI~1\AppData\Local\Temp\GHEXLJESSYJZJFFD.exe [X]
S4 GIFNPEGD; C:\Users\ADMINI~1\AppData\Local\Temp\GIFNPEGD.exe [X]
S4 HNFOEA; C:\Users\ADMINI~1\AppData\Local\Temp\HNFOEA.exe [X]
S4 IPYGNV; C:\Users\ADMINI~1\AppData\Local\Temp\IPYGNV.exe [X]
S4 YBYFGZAO; C:\Users\ADMINI~1\AppData\Local\Temp\YBYFGZAO.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121688 2013-07-31] (SlySoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-09-25] (AVG Technologies)
S3 BrSerIf; C:\Windows\System32\Drivers\BrSerIf.sys [52224 2006-12-12] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2006-09-03] (Brother Industries Ltd.) [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-08-15] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-08-15] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-08-15] (ESET)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [115928 2014-11-19] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-18] () [File not signed]
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25808 2014-03-19] (Microsoft Corporation)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-11-19] (secr9tos) [File not signed]
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [98064 2012-10-24] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [29456 2012-10-24] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [209168 2012-10-24] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [32528 2012-10-24] (O&O Software GmbH)
S3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [20808 2013-11-30] (Christian Gulden)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161888 2014-01-18] (Sandboxie Holdings, LLC)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-11-16] (Acronis)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam.sys [1068216 2011-06-23] (Windows ® Win 7 DDK provider)
S0 hcov; System32\drivers\werlmk.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 12:07 - 2014-11-19 12:08 - 00014173 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-11-19 12:06 - 2014-11-19 12:06 - 00000000 ____D () C:\Users\Administrator\Desktop\FRST-OlderVersion
2014-11-19 10:15 - 2014-11-19 11:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-19 10:15 - 2014-11-19 10:17 - 00115928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-19 10:10 - 2014-11-19 10:10 - 00000895 _____ () C:\Users\Administrator\Desktop\checkup.txt
2014-11-19 10:07 - 2014-11-19 11:45 - 00000000 ____D () C:\Users\Administrator\Desktop\mbar
2014-11-19 10:02 - 2014-11-19 10:02 - 00000000 ____D () C:\Users\Administrator\Downloads\mbar-1.08.1.1001
2014-11-19 09:52 - 2014-11-19 09:52 - 14439696 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.08.1.1001.exe
2014-11-19 09:33 - 2014-11-19 09:33 - 00854414 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2014-11-16 16:44 - 2014-11-19 12:07 - 00000000 ____D () C:\FRST
2014-11-16 16:37 - 2014-11-19 12:06 - 01108992 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-11-15 11:33 - 2014-11-19 11:54 - 00000496 _____ () C:\Windows\error.log
2014-11-15 02:39 - 2014-11-15 02:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KHAN-Microsoft-Windows-7-Ultimate-(32-bit).dat
2014-11-15 02:39 - 2014-11-15 02:39 - 00000000 ____D () C:\RegBackup
2014-11-15 00:33 - 2014-11-15 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-15 00:32 - 2014-11-15 00:32 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-14 22:32 - 2014-11-14 22:33 - 01706808 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-11-14 19:10 - 2014-11-14 19:10 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2014-11-14 19:07 - 2014-11-14 19:08 - 02140160 _____ () C:\Users\Administrator\Downloads\AdwCleaner.exe
2014-11-14 19:04 - 2014-11-14 23:02 - 00000000 ____D () C:\AdwCleaner
2014-11-14 13:23 - 2014-11-14 13:24 - 120201976 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2014-11-14 12:03 - 2014-11-14 22:33 - 00001015 _____ () C:\Users\Administrator\Desktop\Errors.txt
2014-11-12 19:04 - 2014-11-12 19:04 - 00013630 _____ () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch.htm
2014-11-12 19:04 - 2014-11-12 19:04 - 00000000 ____D () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch_files
2014-11-12 19:03 - 2014-11-12 19:14 - 22892794 _____ (Audacity Team ) C:\Users\Administrator\Downloads\audacity-win-2.0.6.exe
2014-11-12 18:19 - 2014-11-12 18:19 - 00000000 ____D () C:\Users\Administrator\Documents\2006 FIFA World Cup™
2014-11-12 16:10 - 2014-11-12 16:10 - 00061440 _____ ( ) C:\Users\Administrator\Downloads\VEW.exe
2014-11-12 14:39 - 2014-11-12 14:39 - 00000000 ____D () C:\Program Files\Speccy
2014-11-12 13:15 - 2014-11-12 13:15 - 00000000 ____D () C:\Windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
2014-11-12 13:12 - 2014-11-12 13:19 - 09817304 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-11-12 12:48 - 2014-11-12 12:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle
2014-11-11 17:37 - 2014-11-11 17:37 - 00000288 _____ () C:\Windows\Support.ini
2014-11-11 17:37 - 2014-11-11 17:37 - 00000000 ____D () C:\Program Files\Common Files\Olympus Shared
2014-11-11 17:32 - 2014-11-12 11:12 - 00000000 ____D () C:\Program Files\The FTW Transcriber
2014-11-11 17:32 - 2014-11-11 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The FTW Transcriber
2014-11-11 17:28 - 2014-11-11 17:30 - 24588601 _____ (The Tyger Valley Systems, Inc. ) C:\Users\Administrator\Downloads\FTW Transcribe setup.exe
2014-11-11 17:21 - 2014-11-11 17:21 - 01177930 _____ () C:\Users\Administrator\Downloads\NCH.Express.Scribe.Pro.v5.55.Incl.Keygen-BRD.rar
2014-11-11 12:07 - 2014-11-19 10:10 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 11:00 - 2014-11-11 14:46 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk
2014-11-11 09:31 - 2014-11-11 09:31 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-11-11 09:30 - 2014-11-11 09:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVS4YOU
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-11-11 08:27 - 2014-11-12 23:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 23:40 - 2014-11-10 23:41 - 00644160 _____ () C:\Users\Administrator\Downloads\switchsetupSoftonicEN.exe
2014-11-10 16:44 - 2014-11-10 16:45 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2014-11-10 16:40 - 2014-11-10 16:40 - 04578024 _____ (AVG Technologies) C:\Users\Administrator\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2014-11-10 10:01 - 2014-11-10 17:11 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate.lnk
2014-11-09 11:37 - 2014-11-09 11:37 - 13708848 _____ () C:\Users\Administrator\Downloads\SysinternalsSuite(1).zip
2014-11-04 18:35 - 2014-11-04 18:35 - 00000775 _____ () C:\Users\Administrator\Downloads\Drive Update NVIDER.txt
2014-11-04 12:29 - 2014-11-04 12:29 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (3).exe.1pwp9uk.partial
2014-11-04 12:26 - 2014-11-04 12:26 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (2).exe.hjxm4kd.partial
2014-11-04 12:17 - 2014-11-04 12:19 - 00714995 _____ ( ) C:\Users\Administrator\Downloads\FreeSoundRecorder (1).exe.p25xcaq.partial
2014-11-04 11:58 - 2014-11-13 14:50 - 00001149 _____ () C:\Windows\~soundrecorder.dat
2014-11-03 23:36 - 2014-11-03 23:36 - 00000951 _____ () C:\Users\Administrator\Desktop\Balabolka.lnk
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\Documents\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Balabolka
2014-11-03 23:35 - 2014-11-03 23:36 - 00000000 ____D () C:\Program Files\Balabolka
2014-11-03 22:42 - 2014-11-03 23:39 - 00000000 ____D () C:\Users\Administrator\Downloads\Speach
2014-11-03 18:01 - 2014-11-03 18:03 - 31079968 _____ () C:\Users\Administrator\Downloads\Ivona_Reader_inst_wi_ne.exe
2014-11-03 17:12 - 2014-11-03 19:57 - 1092299089 _____ () C:\Users\Administrator\Downloads\ATT tts setup w audrey voice.rar
2014-11-03 16:18 - 2014-11-16 08:12 - 00017395 _____ () C:\Users\Administrator\Desktop\ABC 1 Page 9 Copy 2.txt
2014-11-03 08:25 - 2014-11-03 08:33 - 231177072 _____ () C:\Users\Administrator\Downloads\PowerDirector_3403_GM7_Patch_Patch_VDE141006-01.exe
2014-11-02 16:09 - 2014-11-12 23:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\CyberLink
2014-11-02 15:57 - 2014-11-02 15:57 - 00002169 _____ () C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
2014-11-02 15:57 - 2014-11-02 15:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2014-11-02 15:31 - 2014-11-02 15:31 - 00002201 _____ () C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
2014-11-02 15:31 - 2014-11-02 15:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
2014-11-02 15:28 - 2014-11-02 15:57 - 00000000 ____D () C:\Program Files\CyberLink
2014-11-02 15:24 - 2014-11-12 23:13 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-02 15:21 - 2014-11-02 15:21 - 00064218 _____ () C:\Users\Administrator\Documents\cc_20141102_142119.reg
2014-11-02 10:22 - 2014-11-02 10:22 - 00680956 _____ ( ) C:\Users\Administrator\Downloads\FreeSoundRecorder(1).exe.part
2014-11-02 09:50 - 2014-11-02 10:00 - 01029080 _____ (CyberLink) C:\Users\Administrator\Downloads\CyberLink_PowerDirector_Downloader.exe
2014-11-02 09:45 - 2014-11-02 09:48 - 00001007 _____ () C:\Users\test\Desktop\CyberLink_update 3625.lnk
2014-11-01 09:56 - 2014-11-01 09:57 - 08857025 _____ () C:\Users\Administrator\Downloads\A Time To Kill Trailer.mp4
2014-10-31 18:04 - 2014-11-12 11:22 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
2014-10-31 18:04 - 2014-10-31 18:04 - 00000000 ____D () C:\ProgramData\eSellerate
2014-10-31 17:46 - 2014-10-31 17:46 - 00039542 _____ () C:\Users\Administrator\Documents\cc_20141031_164610.reg
2014-10-31 16:55 - 2014-11-04 18:35 - 00000000 ____D () C:\Users\Administrator\Downloads\Power Direct
2014-10-29 22:02 - 2014-10-29 22:02 - 00000841 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2014-10-28 11:30 - 2014-10-28 11:30 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Nuance
2014-10-25 15:40 - 2014-10-25 15:40 - 00011896 _____ () C:\Users\Administrator\Documents\cc_20141025_154032.reg
2014-10-25 12:08 - 2014-10-25 12:08 - 02365840 _____ () C:\Users\Administrator\Downloads\SecurityTaskManager_Setup.exe
2014-10-25 08:17 - 2014-10-25 08:17 - 00003447 _____ () C:\Users\Administrator\Downloads\Win7 Editions.txt
2014-10-22 20:12 - 2014-10-22 20:12 - 00484864 _____ (Dicolab B.V.) C:\Users\Administrator\Downloads\TeamPlayer3Connect.exe
2014-10-21 16:42 - 2014-10-21 16:43 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Cool Record Edit Pro

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 11:59 - 2013-11-02 21:34 - 01799715 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 11:59 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 11:59 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 11:58 - 2010-11-21 07:01 - 00785366 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-19 11:54 - 2014-10-06 23:00 - 00195468 _____ () C:\Windows\setupact.log
2014-11-19 11:54 - 2009-07-14 14:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 11:53 - 2014-10-06 22:52 - 00076004 _____ () C:\Windows\PFRO.log
2014-11-19 11:53 - 2014-10-06 22:52 - 00002403 _____ () C:\Windows\errord.log
2014-11-19 11:53 - 2011-05-13 18:15 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-11-19 11:53 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\security
2014-11-19 11:45 - 2014-01-26 02:12 - 00000000 ____D () C:\Program Files\TNod User & Password Finder
2014-11-19 09:51 - 2014-02-27 13:45 - 00015728 _____ () C:\Users\Administrator\Desktop\Provisor.txt
2014-11-18 14:03 - 2013-03-19 20:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-18 01:45 - 2014-02-28 10:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-18 01:45 - 2014-02-28 10:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-17 18:32 - 2013-11-03 17:00 - 00007613 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2014-11-16 15:24 - 2012-07-26 00:00 - 00942080 ___SH () C:\Users\Administrator\Desktop\Thumbs.db
2014-11-16 15:09 - 2012-08-06 14:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2014-11-16 10:19 - 2014-08-29 11:28 - 00000000 ___RD () C:\Users\Administrator\Downloads\Toto-FrancocCiccio
2014-11-16 09:54 - 2014-03-03 17:07 - 00000000 ____D () C:\Windows\Lhsp
2014-11-16 08:51 - 2013-07-19 22:04 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-15 11:06 - 2013-11-03 14:47 - 00141312 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-15 11:03 - 2012-01-20 12:07 - 00000000 ____D () C:\Windows\pss
2014-11-15 10:49 - 2009-07-14 14:33 - 03943296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 10:48 - 2011-04-12 12:24 - 00000000 ____D () C:\Windows\CSC
2014-11-15 00:52 - 2012-05-14 00:14 - 00000000 ____D () C:\Windows\ERDNT
2014-11-14 18:50 - 2013-11-03 12:31 - 00000000 ____D () C:\Program Files\Software Remove Master
2014-11-14 12:10 - 2009-07-14 12:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-13 10:44 - 2012-01-17 10:50 - 00001009 _____ () C:\Windows\Brpfx04a.ini
2014-11-12 23:18 - 2013-11-20 17:15 - 00000564 _____ () C:\Users\Administrator\Downloads\fg.ini
2014-11-12 23:17 - 2014-01-11 00:56 - 00002952 _____ () C:\Windows\Sandboxie.ini
2014-11-12 23:07 - 2014-10-16 23:10 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-11-12 11:22 - 2012-01-17 10:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-11 18:36 - 2013-08-27 22:24 - 00003079 _____ () C:\Users\Administrator\AppData\Roaming\SAS7_000.DAT
2014-11-11 17:22 - 2013-08-28 21:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-11-10 23:08 - 2014-09-14 09:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-11-09 11:35 - 2013-11-02 20:37 - 00000000 ____D () C:\Users\Administrator
2014-11-09 10:39 - 2009-07-14 12:03 - 67371008 _____ () C:\Windows\system32\config\software.bak
2014-11-09 10:39 - 2009-07-14 12:03 - 24379392 _____ () C:\Windows\system32\config\system.bak
2014-11-09 10:39 - 2009-07-14 12:03 - 00786432 _____ () C:\Windows\system32\config\default.bak
2014-11-09 10:39 - 2009-07-14 12:03 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2014-11-09 10:39 - 2009-07-14 12:03 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-11-09 10:38 - 2013-11-02 20:37 - 12845056 _____ () C:\Users\Administrator\ntuser.bak
2014-11-07 01:29 - 2014-03-01 11:06 - 00000000 ____D () C:\Users\Administrator\Downloads\IVONA Voices 2 (1.6.63)
2014-11-06 19:43 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-06 19:07 - 2014-01-25 11:50 - 01509888 ___SH () C:\Users\Administrator\Downloads\Thumbs.db
2014-11-04 12:04 - 2014-09-22 21:26 - 00000000 ____D () C:\Program Files\Free Sound Recorder
2014-11-03 12:34 - 2014-09-22 21:27 - 00000000 ____D () C:\Users\Administrator\Documents\Free Sound Recorder
2014-11-03 08:09 - 2013-11-21 16:37 - 00015682 _____ () C:\Users\Administrator\Downloads\fghelp_en.htm
2014-11-02 16:02 - 2012-07-30 10:34 - 00000056 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_654
2014-11-02 15:58 - 2013-07-19 21:45 - 00000000 ____D () C:\ProgramData\install_clap
2014-10-29 22:03 - 2013-06-24 19:55 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8
2014-10-29 22:02 - 2013-11-13 12:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\gtk-2.0
2014-10-28 13:44 - 2014-03-07 12:58 - 00000000 ____D () C:\Pdfedit
2014-10-28 11:53 - 2014-10-03 13:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Tracker Software
2014-10-28 11:30 - 2013-08-22 12:17 - 00000000 ____D () C:\ProgramData\Nuance
2014-10-28 11:11 - 2013-08-27 10:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nuance
2014-10-27 23:35 - 2014-09-29 18:47 - 00000000 ____D () C:\Users\Administrator\Desktop\Temp Wagener
2014-10-22 09:27 - 2013-11-04 11:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 12:42

==================== End Of Log ============================

 

 Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 CCleaner     
 Adobe Flash Player     15.0.0.223  
 Mozilla Firefox (33.1)
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 3219640320, free: 1641631744

Downloaded database version: v2014.11.18.09
Downloaded database version: v2014.11.18.01
Initializing...
======================
------------ Kernel report ------------
     11/19/2014 10:15:39
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\DRIVERS\oem-drv86.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vsflt53.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\oodisrh.sys
\SystemRoot\system32\DRIVERS\oodivdh.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tdrpm273.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\oodivd.sys
\SystemRoot\system32\DRIVERS\oodisr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\ckldrv.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Program Files\Sandboxie\SbieDrv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\??\C:\Windows\system32\drivers\aksfridge.sys
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff86e01030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-6\
Lower Device Object: 0xffffffff85fae908
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86dfe030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\
Lower Device Object: 0xffffffff85fa1908
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86dfa7f0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\
Lower Device Object: 0xffffffff86907030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86dfa7f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86dfced8, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff86dfb348, DeviceName: Unknown, DriverName: \Driver\oodisr\
DevicePointer: 0xffffffff86dfbf00, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff86dfa4d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86dfa7f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86df91f8, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff86cd7c10, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86907030, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\oodisr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Scan Interrupted
Scan was aborted.
Initializing...
======================
------------ Kernel report ------------
     11/19/2014 10:17:21
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\vmci.sys --> [Forged file]
File C:\WINDOWS\SYSTEM32\drivers\vmci.sys will be destroyed
File C:\WINDOWS\SYSTEM32\drivers\vmx_svga.sys --> [Forged file]
File C:\WINDOWS\SYSTEM32\drivers\vmx_svga.sys will be destroyed
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BFBBC8F1

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 272813782
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 272815830  Numsec = 352321515

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff86dfe030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86dff730, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff86dffc50, DeviceName: Unknown, DriverName: \Driver\oodisr\
DevicePointer: 0xffffffff86dfed10, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff86dfd280, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86dfe030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86dfde78, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8691d7c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85fa1908, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\oodisr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 33091F32

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 976773105
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff86e01030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86e02608, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff86e02bc8, DeviceName: Unknown, DriverName: \Driver\oodisr\
DevicePointer: 0xffffffff86e01da0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff86e00140, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86e01030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86e00b38, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff85fae908, DeviceName: \Device\Ide\IdeDeviceP4T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\oodisr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A4FE0168

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Program Files\TNod User & Password Finder\uninst-tnod.exe --> [Trojan.Agent.CK]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TNod --> [Trojan.Agent.CK]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Malwarebytes Anti-Rootkit BETA 1.08.1.1001
www.malwarebytes.org

Database version: v2014.11.18.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17358
Administrator :: KHAN [administrator]

11/19/2014 10:17:41 AM
mbar-log-2014-11-19 (10-17-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 409685
Time elapsed: 27 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TNod (Trojan.Agent.CK) -> Delete on reboot. [e1607dc0bfbdda5c09415905bf46ee12]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\TNod User & Password Finder\uninst-tnod.exe (Trojan.Agent.CK) -> Delete on reboot. [e1607dc0bfbdda5c09415905bf46ee12]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.08.1.1001
www.malwarebytes.org

Database version: v2014.11.18.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17358
Administrator :: KHAN [administrator]

11/19/2014 10:16:02 AM
mbar-log-2014-11-19 (10-16-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 43
Time elapsed: 51 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 November 2014 - 09:26 PM

Hi soloio,

Please do not add or remove any programs while we are attempting to clean your computer. Doing so may delay our progress. I appreciate your cooperation. :thumbup:

=========================

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • uTorrent

If you choose to not remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt




Start
CloseProcesses:
MSCONFIG\Services: AJTBBNQOH => 3
MSCONFIG\Services: DXDXHUUIPT => 3
MSCONFIG\Services: ESZIRRKTB => 3
MSCONFIG\Services: GHEXLJESSYJZJFFD => 3
MSCONFIG\Services: GIFNPEGD => 3
MSCONFIG\Services: HNFOEA => 3
MSCONFIG\Services: IPYGNV => 3
MSCONFIG\Services: YBYFGZAO => 3
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2411852452-117403543-12125213-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
S4 AJTBBNQOH; C:\Users\ADMINI~1\AppData\Local\Temp\AJTBBNQOH.exe [X]
S4 DXDXHUUIPT; C:\Users\ADMINI~1\AppData\Local\Temp\DXDXHUUIPT.exe [X]
S4 ESZIRRKTB; C:\Users\ADMINI~1\AppData\Local\Temp\ESZIRRKTB.exe [X]
S4 GHEXLJESSYJZJFFD; C:\Users\ADMINI~1\AppData\Local\Temp\GHEXLJESSYJZJFFD.exe [X]
S4 GIFNPEGD; C:\Users\ADMINI~1\AppData\Local\Temp\GIFNPEGD.exe [X]
S4 HNFOEA; C:\Users\ADMINI~1\AppData\Local\Temp\HNFOEA.exe [X]
S4 IPYGNV; C:\Users\ADMINI~1\AppData\Local\Temp\IPYGNV.exe [X]
S4 YBYFGZAO; C:\Users\ADMINI~1\AppData\Local\Temp\YBYFGZAO.exe [X]
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)
2014-11-19 11:45 - 2014-01-26 02:12 - 00000000 ____D () C:\Program Files\TNod User & Password Finder
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Reboot if requested to do so.

=========================

Re-run Farbar Recovery Scan Tool. It should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

  • Fixlog.txt
  • new FRST.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#7 soloio

soloio

    Authentic Member

  • Authentic Member
  • 22 posts

Posted 19 November 2014 - 02:04 AM

Hello OCD I stuffed up SORRY

I have uninstalled u Torrent as suggested

I have not installed or uninstalled any programs since you started cleaning

 

I have copied and pasted your fix in to notepad and saved to the desktop

I Run FRST and pressed FIX once, the program said running fix please wait ???

It closed the webpage that I was reading your instruction and the notepad that I had left open after saving to desktop

 

I did not understand if I should have pasted in the program or add a path to the notepad FIX, I did neither of that, (I am not very tec)

 

The scan went for a bit, not much activities on computer, I waited 40 minutes no activities or change and some 10 minutes before I started to look at the time

 

I decided to open notepad with the fix on the desktop to see if would change

 

I could not open notepad but my window froze, after some 15 minutes I wanted to open task manager to close program by clicking Ctrl Alt Delete, it did not open,

I click start button did not work

 

The only option I had  was to restart computer by pressing re-set button

After restart I looked on desktop and found this file attached with this reply I did not see produce or open this file.

 

I did not run anything else or other scanners

 

Awaiting further instructions on how to proceed, SORRY

 

Thank you for your help

 

 

Fixlog - Notepad

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-11-2014
Ran by Administrator at 2014-11-19 15:51:29 Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
MSCONFIG\Services: AJTBBNQOH => 3
MSCONFIG\Services: DXDXHUUIPT => 3
MSCONFIG\Services: ESZIRRKTB => 3
MSCONFIG\Services: GHEXLJESSYJZJFFD => 3
MSCONFIG\Services: GIFNPEGD => 3
MSCONFIG\Services: HNFOEA => 3
MSCONFIG\Services: IPYGNV => 3
MSCONFIG\Services: YBYFGZAO => 3
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2411852452-117403543-12125213-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
S4 AJTBBNQOH; C:\Users\ADMINI~1\AppData\Local\Temp\AJTBBNQOH.exe [X]
S4 DXDXHUUIPT; C:\Users\ADMINI~1\AppData\Local\Temp\DXDXHUUIPT.exe [X]
S4 ESZIRRKTB; C:\Users\ADMINI~1\AppData\Local\Temp\ESZIRRKTB.exe [X]
S4 GHEXLJESSYJZJFFD; C:\Users\ADMINI~1\AppData\Local\Temp\GHEXLJESSYJZJFFD.exe [X]
S4 GIFNPEGD; C:\Users\ADMINI~1\AppData\Local\Temp\GIFNPEGD.exe [X]
S4 HNFOEA; C:\Users\ADMINI~1\AppData\Local\Temp\HNFOEA.exe [X]
S4 IPYGNV; C:\Users\ADMINI~1\AppData\Local\Temp\IPYGNV.exe [X]
S4 YBYFGZAO; C:\Users\ADMINI~1\AppData\Local\Temp\YBYFGZAO.exe [X]
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)
2014-11-19 11:45 - 2014-01-26 02:12 - 00000000 ____D () C:\Program Files\TNod User & Password Finder
EmptyTemp:
End
*****************

Processes closed successfully.
MSCONFIG\Services: AJTBBNQOH => 3 => Error: No automatic fix found for this entry.
MSCONFIG\Services: DXDXHUUIPT => 3 => Error: No automatic fix found for this entry.
MSCONFIG\Services: ESZIRRKTB => 3 => Error: No automatic fix found for this entry.
MSCONFIG\Services: GHEXLJESSYJZJFFD => 3 => Error: No automatic fix found for this entry.
MSCONFIG\Services: GIFNPEGD => 3 => Error: No automatic fix found for this entry.
MSCONFIG\Services: HNFOEA => 3 => Error: No automatic fix found for this entry.
MSCONFIG\Services: IPYGNV => 3 => Error: No automatic fix found for this entry.
MSCONFIG\Services: YBYFGZAO => 3 => Error: No automatic fix found for this entry.

 



#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 November 2014 - 09:18 AM

Hi soloio,

rkill

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.

=========================

ComboFix

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:
    • rkill log
    • ComboFix.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#9 soloio

soloio

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 19 November 2014 - 05:00 PM

HI! OCD

here are the logs Thanks

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 11/20/2014 08:02:21 AM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 11/20/2014 08:02:30 AM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

 

 

 

ComboFix 14-11-18.01 - Administrator 11/20/2014   8:33.29.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3070.1359 [GMT 10:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-19 to 2014-11-19  )))))))))))))))))))))))))))))))
.
.
2014-11-19 22:43 . 2014-11-19 22:43    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-11-19 22:43 . 2014-11-19 22:43    --------    d-----w-    c:\users\test\AppData\Local\temp
2014-11-19 22:43 . 2014-11-19 22:43    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-11-19 22:43 . 2014-11-19 22:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-11-19 01:55 . 2014-11-19 01:55    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C317E892-C1A9-4072-B7F1-2FB1C49DD39F}\offreg.dll
2014-11-19 00:15 . 2014-11-19 01:45    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-19 00:15 . 2014-11-19 00:17    115928    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-16 06:44 . 2014-11-19 05:51    --------    d-----w-    C:\FRST
2014-11-14 23:58 . 2014-11-19 06:51    --------    d-----w-    c:\windows\system32\wbem\repository
2014-11-14 16:39 . 2014-11-14 16:39    --------    d-----w-    C:\RegBackup
2014-11-14 14:32 . 2014-11-14 14:32    --------    d-----w-    c:\program files\Tweaking.com
2014-11-14 09:04 . 2014-11-14 13:02    --------    d-----w-    C:\AdwCleaner
2014-11-12 04:39 . 2014-11-12 04:39    --------    d-----w-    c:\program files\Speccy
2014-11-12 03:15 . 2014-11-12 03:15    --------    d-----w-    c:\windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
2014-11-12 02:48 . 2014-11-12 02:48    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Oracle
2014-11-11 07:37 . 2014-11-11 07:37    --------    d-----w-    c:\program files\Common Files\Olympus Shared
2014-11-11 07:32 . 2014-11-12 01:12    --------    d-----w-    c:\program files\The FTW Transcriber
2014-11-11 02:07 . 2014-11-19 00:10    79576    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-10 23:31 . 2014-11-10 23:31    --------    d-----w-    c:\programdata\AVS4YOU
2014-11-10 23:30 . 2014-11-10 23:30    --------    d-----w-    c:\users\Administrator\AppData\Roaming\AVS4YOU
2014-11-10 23:29 . 2014-11-12 03:36    --------    d-----w-    c:\program files\Common Files\AVSMedia
2014-11-10 23:29 . 2014-11-12 03:36    --------    d-----w-    c:\program files\AVS4YOU
2014-11-03 13:36 . 2014-11-03 13:36    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Balabolka
2014-11-03 13:35 . 2014-11-03 13:36    --------    d-----w-    c:\program files\Balabolka
2014-11-02 06:09 . 2014-11-12 13:13    --------    d-----w-    c:\users\Administrator\AppData\Roaming\CyberLink
2014-11-02 05:28 . 2014-11-02 05:57    --------    d-----w-    c:\program files\CyberLink
2014-11-02 05:24 . 2014-11-12 13:13    --------    d-----w-    c:\programdata\CyberLink
2014-10-31 08:04 . 2014-11-12 01:22    --------    d-----w-    c:\programdata\SmartSound Software Inc
2014-10-31 08:04 . 2014-10-31 08:04    --------    d-----w-    c:\programdata\eSellerate
2014-10-28 01:30 . 2014-10-28 01:30    --------    d-----w-    c:\users\Administrator\AppData\Local\Nuance
2014-10-21 06:42 . 2014-10-21 06:43    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Cool Record Edit Pro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-19 06:51 . 2011-05-13 08:15    28160    ----a-w-    c:\windows\system32\drivers\oem-drv86.sys
2014-11-17 15:45 . 2014-02-28 00:15    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-11-17 15:45 . 2014-02-28 00:15    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-16 08:42 . 2014-10-16 08:42    34808    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-14 04:04 . 2014-10-14 04:04    98928    ----a-w-    c:\windows\system32\drivers\vmci.sys.dump
2014-10-14 04:04 . 2014-10-14 04:04    63920    ----a-w-    c:\windows\system32\drivers\vmx_svga.sys.dump
2014-10-13 08:55 . 2013-11-01 16:09    162816    ----a-w-    C:\DUMP47a9.tmp
2014-10-10 01:44 . 2014-10-15 15:11    230912    ----a-w-    c:\windows\system32\generaltel.dll
2014-10-10 01:44 . 2014-10-15 15:11    396288    ----a-w-    c:\windows\system32\aepdu.dll
2014-10-10 01:39 . 2014-10-15 15:11    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-10-04 02:04 . 2012-07-17 04:37    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-29 00:41 . 2014-10-15 13:15    2379264    ----a-w-    c:\windows\system32\win32k.sys
2014-09-25 22:32 . 2014-10-15 15:11    2017280    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-09-25 01:40 . 2014-10-15 13:15    519680    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-19 01:25 . 2014-10-15 15:11    4201472    ----a-w-    c:\windows\system32\jscript9.dll
2014-09-19 01:14 . 2014-10-15 15:11    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-09-19 01:14 . 2014-10-15 15:12    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02 . 2014-10-15 15:12    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-09-19 01:01 . 2014-10-15 15:11    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-09-19 01:01 . 2014-10-15 15:12    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59 . 2014-10-15 15:11    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50 . 2014-10-15 15:12    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-09-19 00:50 . 2014-10-15 15:12    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49 . 2014-10-15 15:11    597504    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-09-19 00:44 . 2014-10-15 15:12    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36 . 2014-10-15 15:12    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18 . 2014-10-15 15:11    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59 . 2014-10-15 15:12    1810944    ----a-w-    c:\windows\system32\wininet.dll
2014-09-18 01:32 . 2014-10-15 15:06    2363904    ----a-w-    c:\windows\system32\msi.dll
2014-09-14 23:06 . 2011-12-08 03:54    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-13 01:40 . 2014-10-15 13:14    67072    ----a-w-    c:\windows\system32\packager.dll
2014-09-09 21:47 . 2014-09-28 23:21    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 01:24 . 2014-10-15 13:37    8806800    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C317E892-C1A9-4072-B7F1-2FB1C49DD39F}\mpengine.dll
2014-09-04 05:04 . 2014-10-15 15:11    372736    ----a-w-    c:\windows\system32\rastls.dll
2014-08-27 14:13 . 2014-08-27 14:13    194048    ----a-w-    c:\windows\system32\elshyph.dll
2014-08-27 14:13 . 2014-08-27 14:13    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-08-27 14:13 . 2014-08-27 14:13    645120    ----a-w-    c:\windows\system32\jsIntl.dll
2014-08-27 14:13 . 2014-08-27 14:13    182272    ----a-w-    c:\windows\system32\msls31.dll
2014-08-27 14:13 . 2014-08-27 14:13    62464    ----a-w-    c:\windows\system32\tdc.ocx
2014-08-27 14:13 . 2014-08-27 14:13    337408    ----a-w-    c:\windows\system32\html.iec
2014-08-27 14:13 . 2014-08-27 14:13    24576    ----a-w-    c:\windows\system32\licmgr10.dll
2014-08-27 14:13 . 2014-08-27 14:13    151552    ----a-w-    c:\windows\system32\iexpress.exe
2014-08-27 14:13 . 2014-08-27 14:13    139264    ----a-w-    c:\windows\system32\wextract.exe
2014-08-27 14:13 . 2014-08-27 14:13    13312    ----a-w-    c:\windows\system32\mshta.exe
2014-08-27 14:13 . 2014-08-27 14:13    86016    ----a-w-    c:\windows\system32\iesysprep.dll
2014-08-27 14:13 . 2014-08-27 14:13    74240    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-08-27 14:13 . 2014-08-27 14:13    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-08-27 14:13 . 2014-08-27 14:13    36352    ----a-w-    c:\windows\system32\imgutil.dll
2014-08-27 14:13 . 2014-08-27 14:13    111616    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-08-23 01:46 . 2014-08-28 11:32    305152    ----a-w-    c:\windows\system32\gdi32.dll
2004-05-13 02:26 . 2004-05-13 02:26    84784    ----a-w-    c:\program files\fciv.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2013-02-21 11:49    100656    ----a-w-    c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"~rmvtxrr"="c:\users\Administrator\Downloads\fg742p.exe" [2013-11-20 2115360]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-01-17 543432]
"Lync"="c:\program files\Microsoft Office\Office15\lync.exe" [2014-07-27 19049112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-24 1075296]
"AdobeCEPServiceManager"="c:\program files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-20 472992]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
backup=c:\windows\pss\Send to OneNote.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate
.
R0 hcov;hcov;c:\windows\System32\drivers\werlmk.sys [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-08-19 2282272]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-22 172192]
R2 Synergy;Synergy;c:\program files\Synergy\synergyd.exe [2014-08-21 278016]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2011-06-23 1068216]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-11-16 167968]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2014-03-19 65232]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 Olympus DVR Service;Olympus DVR Service;c:\program files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2013-10-02 174592]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2013-09-17 47360]
R3 pimou;Pluralinput Mouse 0.8.6;c:\windows\system32\DRIVERS\pimou.sys [2013-11-30 20808]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-02 1343400]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2012-11-16 3246040]
R4 AJTBBNQOH;AJTBBNQOH;c:\users\ADMINI~1\AppData\Local\Temp\AJTBBNQOH.exe [x]
R4 DXDXHUUIPT;DXDXHUUIPT;c:\users\ADMINI~1\AppData\Local\Temp\DXDXHUUIPT.exe [x]
R4 ESZIRRKTB;ESZIRRKTB;c:\users\ADMINI~1\AppData\Local\Temp\ESZIRRKTB.exe [x]
R4 GHEXLJESSYJZJFFD;GHEXLJESSYJZJFFD;c:\users\ADMINI~1\AppData\Local\Temp\GHEXLJESSYJZJFFD.exe [x]
R4 GIFNPEGD;GIFNPEGD;c:\users\ADMINI~1\AppData\Local\Temp\GIFNPEGD.exe [x]
R4 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run [x]
R4 HNFOEA;HNFOEA;c:\users\ADMINI~1\AppData\Local\Temp\HNFOEA.exe [x]
R4 IPYGNV;IPYGNV;c:\users\ADMINI~1\AppData\Local\Temp\IPYGNV.exe [x]
R4 YBYFGZAO;YBYFGZAO;c:\users\ADMINI~1\AppData\Local\Temp\YBYFGZAO.exe [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-19 115928]
S0 oem-drv86;OEM-SLP2.1 Driver (HPD86);c:\windows\system32\DRIVERS\oem-drv86.sys [2014-11-19 28160]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys [2012-10-23 98064]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys [2012-10-23 29456]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [2012-10-23 209168]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [2012-10-23 32528]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-11-16 752128]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-11-16 83392]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-09-24 37664]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-08-15 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-08-15 134248]
S2 DisplayFusionService;DisplayFusionService;c:\program files\DisplayFusion\DisplayFusionService.exe [2014-06-18 5179760]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2012-07-18 310232]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-08-15 122376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe [2013-02-21 4772144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\960azfpj.default-1415280631391\
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SSDMonitor - c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,65,87,ab,51,e5,35,4c,8f,7f,1d,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,65,87,ab,51,e5,35,4c,8f,7f,1d,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences - Do not modify. Direct modification is a violation of ISV software requirements.]
@Denied: (2) (Administrator)
"2E1C892BBCB432157F277FDF4D11FD173738EC8D13"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,65,87,ab,51,e5,35,4c,8f,7f,1d,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Completion time: 2014-11-20  08:46:23
ComboFix-quarantined-files.txt  2014-11-19 22:46
.
Pre-Run: 54,470,918,144 bytes free
Post-Run: 54,305,484,800 bytes free
.
- - End Of File - - 9CB1C3BBE2DF9C3A7FF237A0D6117181
A36C5E4F47E84449FF07ED3517B43A31


 



#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 November 2014 - 09:36 PM

Hi soloio,

ComboFix Script
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the code-box below into it:
File::
c:\users\ADMINI~1\AppData\Local\Temp\AJTBBNQOH.exe
c:\users\ADMINI~1\AppData\Local\Temp\DXDXHUUIPT.exe
c:\users\ADMINI~1\AppData\Local\Temp\ESZIRRKTB.exe
c:\users\ADMINI~1\AppData\Local\Temp\GHEXLJESSYJZJFFD.exe
c:\users\ADMINI~1\AppData\Local\Temp\GIFNPEGD.exe
c:\users\ADMINI~1\AppData\Local\Temp\HNFOEA.exe
c:\users\ADMINI~1\AppData\Local\Temp\IPYGNV.exe
c:\users\ADMINI~1\AppData\Local\Temp\YBYFGZAO.exe

Driver::
AJTBBNQOH
DXDXHUUIPT
ESZIRRKTB
GHEXLJESSYJZJFFD
GIFNPEGD
HNFOEA
IPYGNV
YBYFGZAO

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, please post the C:\ComboFix.txt for further review.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • ComboFix.txt
  • new FRST.txt
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#11 soloio

soloio

    Authentic Member

  • 22 posts

Posted 20 November 2014 - 08:47 AM

HI! OCD

After running ComboFix, the computer failed to start: when the first Windows screen appears, it restarts.

I had to run Windows repair, and even then it took a few restarts.

I restarted ComboFix; it failed to restart, then eventually restarted.

I scanned with FRST

Here are the logs

Sorry for giving you a hard time with my problems

 

PS: Before that I did not notice any problems; Internet Explorer and Firefox seem to work OK.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014
Ran by Administrator at 2014-11-21 00:21:47
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2411852452-117403543-12125213-500\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Acronis True Image Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 10 (HKLM\...\AU10_is1) (Version: 10 - Innovative Solutions)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.3.0.0 - SlySoft)
Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.9.000 - Asmedia Technology)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AZARDI (HKLM\...\AZARDI_is1) (Version:  - Infogrid Pacific Pte. Ltd.)
Balabolka (HKLM\...\Balabolka) (Version: 2.10.0.575 - Ilya Morozov)
Brother MFL-Pro Suite MFC-790CW (HKLM\...\{D9461574-5FC0-4641-BBDC-D1038B196F55}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Classic Menu for Office Enterprise 2010 and 2013 v5.85 (HKLM\...\{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1) (Version: 5.85 - Addintools)
Contents (Version: 16.0.0.106 - Corel Corporation) Hidden
Corel VideoStudio Ultimate X6 (HKLM\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.0.0.106 - Corel Corporation)
CyberLink PowerDirector 12 (HKLM\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3403.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayFusion 6.0 (HKLM\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 6.0.0.0 - Binary Fortress Software)
Dragon NaturallySpeaking 12 (HKLM\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET NOD32 Antivirus (HKLM\...\{6DCA86D6-F197-41B7-BD33-43E32A15A41E}) (Version: 7.0.302.0 - ESET, spol s r. o.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Free Sound Recorder v9.7.5 (HKLM\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2014 FreeSoundRecorder Technologies, Inc.)
Freeware PDF Unlocker (HKLM\...\{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}) (Version: 1.0.4 - SMTguru)
Garmin Communicator Plugin (HKLM\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
HashCalc 2.02 (HKLM\...\HashCalc_is1) (Version:  - SlavaSoft Inc.)
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
ICA (Version: 16.0.0.106 - Corel Corporation) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IPM_VS_Pro (Version: 16.0 - Corel Corporation) Hidden
ISO Recorder (HKLM\...\{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}) (Version: 3.0.0 - Alex Feinman)
Jasc Paint Shop Pro 9 (HKLM\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
L&H TTS3000 Italiano (HKLM\...\LHTTSITI) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.61.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
MPC-HC 1.7.6 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Nero 12 (HKLM\...\{D529E699-7753-46E7-8B73-C5556EF5B486}) (Version: 12.0.03500 - Nero AG)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
O&O DiskImage Professional (HKLM\...\{2AAD066E-698F-48A1-A7D0-0B5701DCAF2C}) (Version: 7.0.144 - O&O Software GmbH)
OlympusCodecs (HKLM\...\{9599AA83-D20B-45E1-819A-5EFD6AFED2BE}) (Version: 1.0.1 - Olympus)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdfedit (HKLM\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version:  - )
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Sandboxie 4.08 (32-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Setup (Version: 16.0.0.106 - Corel Corporation) Hidden
Share (Version: 16.0.0.106 - Corel Corporation) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Remove Master v5.0.1.3 (HKLM\...\Software Remove Master_is1) (Version:  - CareWindows)
SoulSeek 157 NS 13e (HKLM\...\Soulseek2) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synergy (32-bit) (HKLM\...\{48C4B49D-F876-4969-BF74-319EF3601A35}) (Version: 1.5.1 - The Synergy Project)
The FTW Transcriber version 3.1 (HKLM\...\{D27CDB6E-AE6D-11cf-96B8-444553540000}_is1) (Version: 3.1 - The Tyger Valley Systems, Inc.)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Ultimate Paint 2.88 Freeware Edition (HKLM\...\UP286_is1) (Version: 2.88 - J-T-L Development)
Universal Document Converter Server Edition (HKLM\...\Universal Document Converter_is1) (Version: 5.3 - fCoder Group, Inc.)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VSClassic (Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (Version: 16.0.0.106 - Corel Corporation) Hidden
VSUltimate (Version: 16.0.0.106 - Corel Corporation) Hidden
VT-Bridget-M16-SAPI5 (HKLM\...\{C4367E67-52FE-45C6-889C-F48CE7883CA8}) (Version: 3.11.1.0 - VW)
VT-Julie-M16-SAPI5 (HKLM\...\{C496F7CD-ED09-4D8D-872E-3470D4717714}) (Version:  - )
VT-Kate-M16-SAPI5 (HKLM\...\{9FAD67A7-3A4E-4754-AAC4-0397F370611D}) (Version:  - )
VT-Paul-M16-SAPI5 (HKLM\...\{942DF6BD-E4F2-4915-B4FB-09C02B71284F}) (Version:  - )
Welcome App (Start-up experience) (Version: 12.0.15000 - Nero AG) Hidden
Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows Driver Package - Nokia Modem  (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WordPerfect Office X6 - Common Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (Version: 16.0 -  Corel Corporation) Hidden
WordPerfect Office X6 (HKLM\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.318 - Corel Corporation)
WordPerfect Office X6 (Version: 16.0 - Corel Corporation) Hidden
Youtube Downloader HD v. 2.9.6 (HKLM\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-11-2014 07:36:50 Installed OlympusCodecs
12-11-2014 01:21:45 Removed SmartSound Quicktracks 5
12-11-2014 03:14:36 Removed NVIDIA PhysX
12-11-2014 03:19:13 Removed OlympusCodecs
12-11-2014 08:11:41 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
14-11-2014 08:03:12 Removed OlympusCodecs
14-11-2014 08:25:36 Removed OlympusCodecs
16-11-2014 00:52:47 Removed Java 7 Update 71
19-11-2014 01:45:05 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-30 10:34 - 2014-11-20 23:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05CA6C9D-7CCC-428E-914C-F01421A85CBE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {08038180-7575-4743-AA20-957747EA1DF7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0A897EC5-DB50-4E03-BBE3-D57A5A794189} - System32\Tasks\{2C3F50B1-D54D-40CA-992C-830EB5627BDF} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {10EF8F74-69C8-4E4F-BA9B-5DD716CE1EB4} - System32\Tasks\{3DCA905C-CBBF-424C-B155-5B0162A152CF} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {178909FA-264A-49EC-8FF2-9C56A9B13A2A} - System32\Tasks\{742B0DA6-B0BA-407B-AD13-2EF45C8B5136} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {19460C60-1E2E-4918-94E0-D512C0E5756F} - System32\Tasks\{61D2098D-AB2E-4155-BBA6-7175DCC19796} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {1BF0892A-A768-4CE9-8296-BD0AF0E558DC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1D7F019C-D419-49C7-BAA0-A577C33B19D2} - System32\Tasks\{FF074E76-79B5-407D-A341-07E6BACAC239} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {1F4B18E4-27FA-4888-8A92-440059244BC2} - System32\Tasks\{C27BEF35-AF2F-476D-A7BB-2D58CADB4917} => C:\3COM\UPDTMDM\UPDTMDM.EXE [1998-06-06] ()
Task: {215EBB15-4A20-4933-A901-C46A6D3B1991} - System32\Tasks\{97E53D3C-1CE8-43C9-9697-2354A5E7825F} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {28455495-D1FC-4558-B070-A172B5334163} - System32\Tasks\{92123959-9F6E-472B-9509-79B7C22FE5A1} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {2FB16726-0240-4074-A381-4DA5AC038384} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {31CFD816-5E6E-4F8E-B71B-2F6344CDA3D7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3967B16F-08ED-4990-9728-2855AA26C8D3} - System32\Tasks\{C49E02A8-FD5A-45A2-ABA7-BD66E3C3D11D} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {3A82721C-EA39-4C5C-A69A-93943D12BF94} - System32\Tasks\{77975FFD-B173-4AF2-9A64-88D2367B638D} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {3AE87692-B99B-436C-8320-9FC7ABBADC3D} - System32\Tasks\{19747C34-5D7E-4DBB-8F29-E0CA714F7341} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {3EE8C6D0-1AAC-4ADE-A363-A2DC7FC8AA98} - System32\Tasks\{96E49231-874F-45BB-8C30-8177DF641A49} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {4389A372-FC61-40B0-85C6-475415D624A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {456C2A4E-9180-4F04-9560-3E28BB018C68} - System32\Tasks\{70259839-3263-4456-B23D-D5F4D1BE7C16} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {47939221-4A52-4194-B085-AEB2A6C2103D} - System32\Tasks\{5BE0F675-129F-4995-8F06-03EF74B0F692} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {498FCE60-CBFB-49F4-B48A-B54F9194969F} - System32\Tasks\{D09C7287-B757-40E0-9BAB-29FB2DBBA8FE} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {4F43426A-4609-4EAB-A61C-7A5DF5B99125} - System32\Tasks\{858FB472-5CEA-4FBD-9E72-65DEC715A7C5} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {528711F2-1C72-448D-B5EF-37927EADCC31} - System32\Tasks\{F2848B54-0B33-4407-AA89-F92FC745D459} => C:\Program Files\Microsoft Office 2003 MultiLang\Microsoft Office Word 2003.exe
Task: {56410E59-C3B1-40F8-B0FD-674254FBA0E7} - System32\Tasks\{F12BB17B-8534-4DF4-9B6F-3E475FFDE5B8} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {56DBD133-FF99-443B-B8AC-3ECC426B958F} - System32\Tasks\{598A64E4-9B31-4706-8E5E-1DE0A59292E0} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {5ADDB58B-CD32-4C7A-8C67-0F33C2AFEB36} - System32\Tasks\{26F8E065-2C28-4787-8086-ADFEA2845C6F} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\New 13 -10- 13\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable 11 in 1 SP2 MultiLang - The11thMtnDiv.msi"
Task: {5EE847CB-FE75-4CF1-BED6-837AC7159F2D} - System32\Tasks\{8EA4414C-54BF-4BB7-A44E-9BC521BDBF4A} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {67F58E9F-0BE3-4687-A0CB-793072C765CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C2214C5-1FB9-4BF9-AB41-F112C323F6AE} - System32\Tasks\{80F3845C-3C92-4898-A9FF-0B5EE604DF07} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {6F868CB2-B24A-4870-B985-C710DDCDC3DF} - System32\Tasks\{7F916CCC-7C8F-478B-918C-C6D255DF3C96} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {759A20CA-2CC1-463C-AB2B-5F20ECA69237} - System32\Tasks\{B5CEC5F3-64B5-4680-9DBB-B24E00ED9E93} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {7BAEB8C8-16A9-4298-B4B6-FFFF2392075A} - System32\Tasks\{2B5DC53E-0AB1-4FD5-8376-F45831513321} => G:\Programs\A0184583.exe [2005-04-01] ()
Task: {7D614EE3-9D66-423F-88D0-D80F9C23C979} - System32\Tasks\{57E60407-B0FB-4D1B-A1C4-5157608AB94C} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {82BF0377-0F7E-46FD-B45F-93885DF2B269} - System32\Tasks\{D92EDE2F-6ECB-46C4-AF2C-088BB3266C49} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv.msi"
Task: {8958F3FB-5EC7-4C63-A8DE-994597FE8189} - System32\Tasks\{D3D4DB0C-580C-46D9-89E1-68B5B9259E28} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {91D6F716-06D8-4DE8-9FF0-8B38127F071F} - System32\Tasks\{0884BF43-CAEA-4028-8EF9-6A43F9CBAF4B} => C:\Program Files\Microsoft Office 2003 MultiLang\Microsoft Office Word 2003.exe
Task: {955F58A1-9B56-4134-8B00-E6A24D152E65} - System32\Tasks\RMSmartUpdate => C:\Program Files\Registry Mechanic\update.exe
Task: {9A3EED12-48B7-4FDE-89E1-211C2A81374F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9A8DEEF7-5879-417B-8910-817C62E257AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {9ABF9E49-9B3F-404E-ACE9-EFD7E06AAAD1} - System32\Tasks\NCH Software\ExpressSevenDays => C:\Program Files\NCH Software\Express\Express.exe
Task: {AA318FA1-575A-463F-800F-6EC8A9EE1A5B} - System32\Tasks\{72F5C9F6-BF43-44FA-9C9B-1A414EA26E18} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {B238A0AF-4B8B-4A9D-BB66-143A4F70B525} - System32\Tasks\{8821CE3A-A714-4E0B-A8B5-EC7D64AD924C} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {B4CDFFB2-7FA3-4BFC-BA1B-C987763795D5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B56E7DDF-9ADE-44EA-8840-2D695C4A8E60} - System32\Tasks\{43022584-1FB3-433D-9BAE-856426CFDAD2} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {B8F2760C-C46E-4C21-92A2-6557BB1FD4D3} - System32\Tasks\{24586FE0-83FE-4FFF-A59B-8D6F461E0ADB} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\New 13 -10- 13\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable 11 in 1 SP2 MultiLang - The11thMtnDiv.msi"
Task: {CB4AE861-A16A-4CDA-B2C8-24CC42C82E9E} - System32\Tasks\{8D73619E-884E-4B2A-8690-FD2E6744D2B1} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {CC1103FC-DB87-4860-9806-36E7FBAF2877} - System32\Tasks\{2F4F007B-B337-4BAA-8835-96B7597EEF1B} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {CDB8BC96-F444-4126-B8E6-6CA7B495D9F8} - System32\Tasks\{2D8604A9-1DAA-4D11-8018-32C0E45AC2A0} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {D29B7288-C0C9-4911-B299-CF880AC73D80} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D41851D3-61ED-48E6-A243-9D9E3328A3BE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KHAN-Administrator Khan => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {D536B505-EAD3-40B0-B781-AE2AE206BB2D} - System32\Tasks\{253E0BCE-68AC-4F7D-93E9-5435C5EE38F9} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {E0776124-DEBD-4C63-8257-342A6D883336} - System32\Tasks\{6A9758CB-785E-439C-9C1B-2238CECA5BF2} => C:\3COM\UPDTMDM\UPDTMDM.EXE [1998-06-06] ()
Task: {E4E34B87-A337-4D5C-A121-49066069A29C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EAFB4792-2E9F-4098-AF9B-6700216F9A04} - System32\Tasks\{37343038-3FED-49FC-A743-8DDDFE16F4F7} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {F929BE73-A7C9-4DD4-AF4D-892ED5933594} - System32\Tasks\{575ED30B-3D7F-46C2-B023-637056BFF346} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {FBCBC6EF-D7CE-4A65-B778-D35411F56594} - System32\Tasks\{4B12E91A-5B39-42C5-B438-D29669D9D6C1} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2013-11-02 20:36 - 2013-01-31 19:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-11-02 15:57 - 2012-08-08 22:36 - 00254552 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-08-21 18:20 - 2014-08-21 18:20 - 00278016 _____ () C:\Program Files\Synergy\synergyd.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-11-11 08:27 - 2014-11-11 08:27 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A5C00DEE
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AJTBBNQOH => 3
MSCONFIG\Services: DXDXHUUIPT => 3
MSCONFIG\Services: ESZIRRKTB => 3
MSCONFIG\Services: GHEXLJESSYJZJFFD => 3
MSCONFIG\Services: GIFNPEGD => 3
MSCONFIG\Services: HNFOEA => 3
MSCONFIG\Services: IPYGNV => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: YBYFGZAO => 3
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-2411852452-117403543-12125213-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2411852452-117403543-12125213-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2411852452-117403543-12125213-1025 - Limited - Enabled)
test (S-1-5-21-2411852452-117403543-12125213-1023 - Administrator - Enabled) => C:\Users\test
UpdatusUser (S-1-5-21-2411852452-117403543-12125213-1026 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2014 10:19:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamgui.exe, version: 1.61.0.0, time stamp: 0x4f6b8ae8
Faulting module name: mbamgui.exe, version: 1.61.0.0, time stamp: 0x4f6b8ae8
Exception code: 0x40000015
Fault offset: 0x00014965
Faulting process id: 0xa24
Faulting application start time: 0xmbamgui.exe0
Faulting application path: mbamgui.exe1
Faulting module path: mbamgui.exe2
Report Id: mbamgui.exe3

Error: (11/19/2014 11:34:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/19/2014 09:07:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14fe8

Start Time: 01d003802222269f

Termination Time: 109

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (11/18/2014 07:01:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b4ec

Start Time: 01d0030a956f120d

Termination Time: 134

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (11/18/2014 00:41:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2014 11:29:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2014 03:06:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/17/2014 02:31:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/17/2014 00:14:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/16/2014 03:08:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2252, time stamp: 0x5465ba64
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0x3edc
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3


System errors:
=============
Error: (11/20/2014 11:23:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hcov

Error: (11/20/2014 11:23:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (11/20/2014 11:22:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:46:42 PM on ‎11/‎20/‎2014 was unexpected.

Error: (11/20/2014 10:46:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/20/2014 10:46:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/20/2014 10:43:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/20/2014 10:35:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/20/2014 10:35:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Synergy service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/20/2014 10:15:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hcov

Error: (11/20/2014 10:15:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (08/29/2013 01:42:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.1000496960

Error: (07/29/2013 04:20:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 3Microsoft Office PowerPoint12.0.6600.100012.0.6612.100028941320

Error: (05/23/2013 05:51:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.100069484080

Error: (11/07/2012 05:42:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.101423820

Error: (11/05/2012 07:02:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.10142594585760

Error: (07/30/2012 11:03:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6661.500012.0.6612.1000375300

Error: (07/14/2012 04:56:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6661.500012.0.6612.1000690403180

Error: (06/06/2012 10:13:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 1Microsoft Office Excel12.0.6661.500012.0.6612.1000470

Error: (02/02/2012 10:09:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.1014648300


CodeIntegrity Errors:
===================================
  Date: 2014-10-15 04:12:37.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.383
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:09:02.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 49%
Total physical RAM: 3070.49 MB
Available physical RAM: 1559.64 MB
Total Pagefile: 6139.27 MB
Available Pagefile: 4492.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:168 GB) (Free:50.06 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:130.09 GB) (Free:42.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (1TERA_10GB) (Fixed) (Total:931.51 GB) (Free:375.55 GB) NTFS
Drive g: (320D500GB) (Fixed) (Total:465.76 GB) (Free:216.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: BFBBC8F1)
Partition 1: (Active) - (Size=130.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=168 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 33091F32)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A4FE0168)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

ComboFix 14-11-18.01 - Administrator 11/20/2014  22:35:29.29.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3070.1942 [GMT 10:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\ADMINI~1\AppData\Local\Temp\AJTBBNQOH.exe"
"c:\users\ADMINI~1\AppData\Local\Temp\DXDXHUUIPT.exe"
"c:\users\ADMINI~1\AppData\Local\Temp\ESZIRRKTB.exe"
"c:\users\ADMINI~1\AppData\Local\Temp\GHEXLJESSYJZJFFD.exe"
"c:\users\ADMINI~1\AppData\Local\Temp\GIFNPEGD.exe"
"c:\users\ADMINI~1\AppData\Local\Temp\HNFOEA.exe"
"c:\users\ADMINI~1\AppData\Local\Temp\IPYGNV.exe"
"c:\users\ADMINI~1\AppData\Local\Temp\YBYFGZAO.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\ADMINI~1\AppData\Local\Temp
c:\users\ADMINI~1\AppData\Local\Temp\catchme.dll
c:\users\ADMINI~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt
c:\users\ADMINI~1\AppData\Local\Temp\LWSDebugOut.txt
c:\users\ADMINI~1\AppData\Local\Temp\Microsoft\F12\SQM\iesqmdata_f120.sqm
c:\users\ADMINI~1\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml
c:\users\ADMINI~1\AppData\Local\Temp\msohtmlclip1\01\clip_themedata.thmx
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AJTBBNQOH
-------\Service_DXDXHUUIPT
-------\Service_ESZIRRKTB
-------\Service_GHEXLJESSYJZJFFD
-------\Service_GIFNPEGD
-------\Service_HNFOEA
-------\Service_IPYGNV
-------\Service_YBYFGZAO
-------\Service_AJTBBNQOH
-------\Service_DXDXHUUIPT
-------\Service_ESZIRRKTB
-------\Service_GHEXLJESSYJZJFFD
-------\Service_GIFNPEGD
-------\Service_HNFOEA
-------\Service_IPYGNV
-------\Service_YBYFGZAO
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-20 to 2014-11-20  )))))))))))))))))))))))))))))))
.
.
2014-11-20 13:24 . 2014-11-20 13:24    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C317E892-C1A9-4072-B7F1-2FB1C49DD39F}\offreg.dll
2014-11-20 12:46 . 2014-11-20 12:46    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-11-20 12:46 . 2014-11-20 12:46    --------    d-----w-    c:\users\test\AppData\Local\temp
2014-11-20 12:46 . 2014-11-20 12:46    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-11-20 12:46 . 2014-11-20 12:46    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-11-19 00:15 . 2014-11-21 05:51    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-16 06:44 . 2014-11-16 06:48    --------    d-----w-    C:\FRST
2014-11-14 23:58 . 2014-11-20 13:23    --------    d-----w-    c:\windows\system32\wbem\repository
2014-11-14 16:39 . 2014-11-14 16:39    --------    d-----w-    C:\RegBackup
2014-11-14 14:32 . 2014-11-14 14:32    --------    d-----w-    c:\program files\Tweaking.com
2014-11-14 09:04 . 2014-11-14 13:02    --------    d-----w-    C:\AdwCleaner
2014-11-12 04:39 . 2014-11-12 04:39    --------    d-----w-    c:\program files\Speccy
2014-11-12 03:15 . 2014-11-12 03:15    --------    d-----w-    c:\windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
2014-11-12 02:48 . 2014-11-12 02:48    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Oracle
2014-11-11 07:37 . 2014-11-11 07:37    --------    d-----w-    c:\program files\Common Files\Olympus Shared
2014-11-11 07:32 . 2014-11-12 01:12    --------    d-----w-    c:\program files\The FTW Transcriber
2014-11-11 02:07 . 2014-11-19 00:10    79576    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-10 23:31 . 2014-11-10 23:31    --------    d-----w-    c:\programdata\AVS4YOU
2014-11-10 23:30 . 2014-11-10 23:30    --------    d-----w-    c:\users\Administrator\AppData\Roaming\AVS4YOU
2014-11-10 23:29 . 2014-11-12 03:36    --------    d-----w-    c:\program files\Common Files\AVSMedia
2014-11-10 23:29 . 2014-11-12 03:36    --------    d-----w-    c:\program files\AVS4YOU
2014-11-03 13:36 . 2014-11-03 13:36    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Balabolka
2014-11-03 13:35 . 2014-11-03 13:36    --------    d-----w-    c:\program files\Balabolka
2014-11-02 06:09 . 2014-11-12 13:13    --------    d-----w-    c:\users\Administrator\AppData\Roaming\CyberLink
2014-11-02 05:28 . 2014-11-02 05:57    --------    d-----w-    c:\program files\CyberLink
2014-11-02 05:24 . 2014-11-12 13:13    --------    d-----w-    c:\programdata\CyberLink
2014-10-31 08:04 . 2014-11-12 01:22    --------    d-----w-    c:\programdata\SmartSound Software Inc
2014-10-31 08:04 . 2014-10-31 08:04    --------    d-----w-    c:\programdata\eSellerate
2014-10-28 01:30 . 2014-10-28 01:30    --------    d-----w-    c:\users\Administrator\AppData\Local\Nuance
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-20 13:22 . 2011-05-13 08:15    28160    ----a-w-    c:\windows\system32\drivers\oem-drv86.sys
2014-11-17 15:45 . 2014-02-28 00:15    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-11-17 15:45 . 2014-02-28 00:15    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-16 08:42 . 2014-10-16 08:42    34808    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-14 04:04 . 2014-10-14 04:04    98928    ----a-w-    c:\windows\system32\drivers\vmci.sys.dump
2014-10-14 04:04 . 2014-10-14 04:04    63920    ----a-w-    c:\windows\system32\drivers\vmx_svga.sys.dump
2014-10-13 08:55 . 2013-11-01 16:09    162816    ----a-w-    C:\DUMP47a9.tmp
2014-10-10 01:44 . 2014-10-15 15:11    230912    ----a-w-    c:\windows\system32\generaltel.dll
2014-10-10 01:44 . 2014-10-15 15:11    396288    ----a-w-    c:\windows\system32\aepdu.dll
2014-10-10 01:39 . 2014-10-15 15:11    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-10-04 02:04 . 2012-07-17 04:37    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-29 00:41 . 2014-10-15 13:15    2379264    ----a-w-    c:\windows\system32\win32k.sys
2014-09-25 22:32 . 2014-10-15 15:11    2017280    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-09-25 01:40 . 2014-10-15 13:15    519680    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-19 01:25 . 2014-10-15 15:11    4201472    ----a-w-    c:\windows\system32\jscript9.dll
2014-09-19 01:14 . 2014-10-15 15:11    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-09-19 01:14 . 2014-10-15 15:12    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02 . 2014-10-15 15:12    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-09-19 01:01 . 2014-10-15 15:11    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-09-19 01:01 . 2014-10-15 15:12    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59 . 2014-10-15 15:11    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50 . 2014-10-15 15:12    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-09-19 00:50 . 2014-10-15 15:12    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49 . 2014-10-15 15:11    597504    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-09-19 00:44 . 2014-10-15 15:12    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36 . 2014-10-15 15:12    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18 . 2014-10-15 15:11    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59 . 2014-10-15 15:12    1810944    ----a-w-    c:\windows\system32\wininet.dll
2014-09-18 01:32 . 2014-10-15 15:06    2363904    ----a-w-    c:\windows\system32\msi.dll
2014-09-14 23:06 . 2011-12-08 03:54    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-13 01:40 . 2014-10-15 13:14    67072    ----a-w-    c:\windows\system32\packager.dll
2014-09-09 21:47 . 2014-09-28 23:21    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 01:24 . 2014-10-15 13:37    8806800    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C317E892-C1A9-4072-B7F1-2FB1C49DD39F}\mpengine.dll
2014-09-04 05:04 . 2014-10-15 15:11    372736    ----a-w-    c:\windows\system32\rastls.dll
2014-08-27 14:13 . 2014-08-27 14:13    194048    ----a-w-    c:\windows\system32\elshyph.dll
2014-08-27 14:13 . 2014-08-27 14:13    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-08-27 14:13 . 2014-08-27 14:13    645120    ----a-w-    c:\windows\system32\jsIntl.dll
2014-08-27 14:13 . 2014-08-27 14:13    182272    ----a-w-    c:\windows\system32\msls31.dll
2014-08-27 14:13 . 2014-08-27 14:13    62464    ----a-w-    c:\windows\system32\tdc.ocx
2014-08-27 14:13 . 2014-08-27 14:13    337408    ----a-w-    c:\windows\system32\html.iec
2014-08-27 14:13 . 2014-08-27 14:13    24576    ----a-w-    c:\windows\system32\licmgr10.dll
2014-08-27 14:13 . 2014-08-27 14:13    151552    ----a-w-    c:\windows\system32\iexpress.exe
2014-08-27 14:13 . 2014-08-27 14:13    139264    ----a-w-    c:\windows\system32\wextract.exe
2014-08-27 14:13 . 2014-08-27 14:13    13312    ----a-w-    c:\windows\system32\mshta.exe
2014-08-27 14:13 . 2014-08-27 14:13    86016    ----a-w-    c:\windows\system32\iesysprep.dll
2014-08-27 14:13 . 2014-08-27 14:13    74240    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-08-27 14:13 . 2014-08-27 14:13    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-08-27 14:13 . 2014-08-27 14:13    36352    ----a-w-    c:\windows\system32\imgutil.dll
2014-08-27 14:13 . 2014-08-27 14:13    111616    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-08-23 01:46 . 2014-08-28 11:32    305152    ----a-w-    c:\windows\system32\gdi32.dll
2004-05-13 02:26 . 2004-05-13 02:26    84784    ----a-w-    c:\program files\fciv.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2013-02-21 11:49    100656    ----a-w-    c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"~rmvtxrr"="c:\users\Administrator\Downloads\fg742p.exe" [2013-11-20 2115360]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-01-17 543432]
"Lync"="c:\program files\Microsoft Office\Office15\lync.exe" [2014-07-27 19049112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [BU]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-24 1075296]
"AdobeCEPServiceManager"="c:\program files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-20 472992]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
backup=c:\windows\pss\Send to OneNote.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate
.
R0 hcov;hcov;c:\windows\System32\drivers\werlmk.sys [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-08-19 2282272]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-22 172192]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2011-06-23 1068216]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-11-16 167968]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2014-03-19 65232]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-11-19 79576]
R3 Olympus DVR Service;Olympus DVR Service;c:\program files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2013-10-02 174592]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2013-09-17 47360]
R3 pimou;Pluralinput Mouse 0.8.6;c:\windows\system32\DRIVERS\pimou.sys [2013-11-30 20808]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-02 1343400]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2012-11-16 3246040]
R4 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run [x]
S0 oem-drv86;OEM-SLP2.1 Driver (HPD86);c:\windows\system32\DRIVERS\oem-drv86.sys [2014-11-20 28160]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys [2012-10-23 98064]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys [2012-10-23 29456]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [2012-10-23 209168]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [2012-10-23 32528]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-11-16 752128]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-11-16 83392]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-09-24 37664]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-08-15 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-08-15 134248]
S2 DisplayFusionService;DisplayFusionService;c:\program files\DisplayFusion\DisplayFusionService.exe [2014-06-18 5179760]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2012-07-18 310232]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-08-15 122376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe [2013-02-21 4772144]
S2 Synergy;Synergy;c:\program files\Synergy\synergyd.exe [2014-08-21 278016]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\960azfpj.default-1415280631391\
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,65,87,ab,51,e5,35,4c,8f,7f,1d,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,65,87,ab,51,e5,35,4c,8f,7f,1d,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences - Do not modify. Direct modification is a violation of ISV software requirements.]
@Denied: (2) (Administrator)
"2E1C892BBCB432157F277FDF4D11FD173738EC8D13"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,65,87,ab,51,e5,35,4c,8f,7f,1d,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\System32\vds.exe
c:\windows\System32\vdsldr.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
c:\windows\system32\conhost.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Microsoft Office\Office15\MsoSync.exe
.
**************************************************************************
.
Completion time: 2014-11-20  23:34:33 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-20 13:34
ComboFix2.txt  2014-11-19 22:46
.
Pre-Run: 53,956,976,640 bytes free
Post-Run: 53,665,349,632 bytes free
.
- - End Of File - - 7241C79A9313E5AB2C7DDFE18328D5CB
A36C5E4F47E84449FF07ED3517B43A31

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by Administrator (administrator) on KHAN on 21-11-2014 00:21:07
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionService.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Synergy\synergyd.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [~rmvtxrr] => C:\Users\Administrator\Downloads\fg742p.exe [2115360 2013-11-20] (Dynamic Internet Technology, Inc.)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2014-01-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [19049112 2014-07-27] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\OO Software\DiskImage\oodishi.dll (O&O Software GmbH)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4D837ED443E9CF01
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2411852452-117403543-12125213-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\960azfpj.default-1415280631391
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin: nuance.com/DragonRIAPlugin -> C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-01-25]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [804528 2011-02-01] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-11-16] (Acronis)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 DisplayFusionService; C:\Program Files\DisplayFusion\DisplayFusionService.exe [5179760 2014-06-18] (Binary Fortress Software)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [310232 2012-07-18] (Nuance Communications, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
S4 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S3 Olympus DVR Service; C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2013-10-03] (OLYMPUS IMAGING CORP.) [File not signed]
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4772144 2013-02-21] (O&O Software GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [131272 2014-01-18] (Sandboxie Holdings, LLC)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [278016 2014-08-21] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121688 2013-07-31] (SlySoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-09-25] (AVG Technologies)
S3 BrSerIf; C:\Windows\System32\Drivers\BrSerIf.sys [52224 2006-12-12] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2006-09-03] (Brother Industries Ltd.) [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-08-15] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-08-15] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-08-15] (ESET)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [79576 2014-11-19] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-18] () [File not signed]
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25808 2014-03-19] (Microsoft Corporation)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-11-20] (secr9tos) [File not signed]
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [98064 2012-10-24] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [29456 2012-10-24] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [209168 2012-10-24] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [32528 2012-10-24] (O&O Software GmbH)
S3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [20808 2013-11-30] (Christian Gulden)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161888 2014-01-18] (Sandboxie Holdings, LLC)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-11-16] (Acronis)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam.sys [1068216 2011-06-23] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S0 hcov; System32\drivers\werlmk.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
U3 mbr; \??\C:\Users\ADMINI~1\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 00:21 - 2014-11-21 00:21 - 00013673 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-11-21 00:18 - 2014-11-21 00:19 - 01108992 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-11-20 23:34 - 2014-11-20 23:34 - 00022618 _____ () C:\ComboFix.txt
2014-11-20 22:25 - 2014-11-20 22:25 - 05598306 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-11-20 08:27 - 2014-11-20 23:34 - 00000000 ____D () C:\Qoobox
2014-11-19 10:15 - 2014-11-21 15:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-19 10:07 - 2014-11-19 10:16 - 00000000 ____D () C:\Users\Administrator\Desktop\mbar
2014-11-19 10:02 - 2014-11-19 10:02 - 00000000 ____D () C:\Users\Administrator\Downloads\mbar-1.08.1.1001
2014-11-19 09:52 - 2014-11-19 09:52 - 14439696 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.08.1.1001.exe
2014-11-19 09:33 - 2014-11-19 09:33 - 00854414 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2014-11-16 16:44 - 2014-11-21 00:21 - 00000000 ____D () C:\FRST
2014-11-15 11:33 - 2014-11-20 23:23 - 00000620 _____ () C:\Windows\error.log
2014-11-15 02:39 - 2014-11-15 02:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KHAN-Microsoft-Windows-7-Ultimate-(32-bit).dat
2014-11-15 02:39 - 2014-11-15 02:39 - 00000000 ____D () C:\RegBackup
2014-11-15 00:33 - 2014-11-15 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-15 00:32 - 2014-11-15 00:32 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-14 22:32 - 2014-11-14 22:33 - 01706808 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-11-14 19:10 - 2014-11-14 19:10 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2014-11-14 19:07 - 2014-11-14 19:08 - 02140160 _____ () C:\Users\Administrator\Downloads\AdwCleaner.exe
2014-11-14 19:04 - 2014-11-14 23:02 - 00000000 ____D () C:\AdwCleaner
2014-11-14 13:23 - 2014-11-14 13:24 - 120201976 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2014-11-14 12:03 - 2014-11-14 22:33 - 00001015 _____ () C:\Users\Administrator\Desktop\Errors.txt
2014-11-12 19:04 - 2014-11-12 19:04 - 00013630 _____ () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch.htm
2014-11-12 19:04 - 2014-11-12 19:04 - 00000000 ____D () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch_files
2014-11-12 19:03 - 2014-11-12 19:14 - 22892794 _____ (Audacity Team ) C:\Users\Administrator\Downloads\audacity-win-2.0.6.exe
2014-11-12 18:19 - 2014-11-12 18:19 - 00000000 ____D () C:\Users\Administrator\Documents\2006 FIFA World Cup™
2014-11-12 16:10 - 2014-11-12 16:10 - 00061440 _____ ( ) C:\Users\Administrator\Downloads\VEW.exe
2014-11-12 14:39 - 2014-11-12 14:39 - 00000000 ____D () C:\Program Files\Speccy
2014-11-12 13:15 - 2014-11-12 13:15 - 00000000 ____D () C:\Windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
2014-11-12 13:12 - 2014-11-12 13:19 - 09817304 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-11-12 12:48 - 2014-11-12 12:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle
2014-11-11 17:37 - 2014-11-11 17:37 - 00000288 _____ () C:\Windows\Support.ini
2014-11-11 17:37 - 2014-11-11 17:37 - 00000000 ____D () C:\Program Files\Common Files\Olympus Shared
2014-11-11 17:32 - 2014-11-12 11:12 - 00000000 ____D () C:\Program Files\The FTW Transcriber
2014-11-11 17:32 - 2014-11-11 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The FTW Transcriber
2014-11-11 17:28 - 2014-11-11 17:30 - 24588601 _____ (The Tyger Valley Systems, Inc. ) C:\Users\Administrator\Downloads\FTW Transcribe setup.exe
2014-11-11 17:21 - 2014-11-11 17:21 - 01177930 _____ () C:\Users\Administrator\Downloads\NCH.Express.Scribe.Pro.v5.55.Incl.Keygen-BRD.rar
2014-11-11 12:07 - 2014-11-19 10:10 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 11:00 - 2014-11-11 14:46 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk
2014-11-11 09:31 - 2014-11-11 09:31 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-11-11 09:30 - 2014-11-11 09:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVS4YOU
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-11-11 08:27 - 2014-11-20 22:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 23:40 - 2014-11-10 23:41 - 00644160 _____ () C:\Users\Administrator\Downloads\switchsetupSoftonicEN.exe
2014-11-10 16:44 - 2014-11-10 16:45 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2014-11-10 16:40 - 2014-11-10 16:40 - 04578024 _____ (AVG Technologies) C:\Users\Administrator\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2014-11-10 10:01 - 2014-11-10 17:11 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate.lnk
2014-11-09 11:37 - 2014-11-09 11:37 - 13708848 _____ () C:\Users\Administrator\Downloads\SysinternalsSuite(1).zip
2014-11-04 18:35 - 2014-11-04 18:35 - 00000775 _____ () C:\Users\Administrator\Downloads\Drive Update NVIDER.txt
2014-11-04 12:29 - 2014-11-04 12:29 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (3).exe.1pwp9uk.partial
2014-11-04 12:26 - 2014-11-04 12:26 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (2).exe.hjxm4kd.partial
2014-11-04 12:17 - 2014-11-04 12:19 - 00714995 _____ ( ) C:\Users\Administrator\Downloads\FreeSoundRecorder (1).exe.p25xcaq.partial
2014-11-04 11:58 - 2014-11-13 14:50 - 00001149 _____ () C:\Windows\~soundrecorder.dat
2014-11-03 23:36 - 2014-11-03 23:36 - 00000951 _____ () C:\Users\Administrator\Desktop\Balabolka.lnk
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\Documents\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Balabolka
2014-11-03 23:35 - 2014-11-03 23:36 - 00000000 ____D () C:\Program Files\Balabolka
2014-11-03 22:42 - 2014-11-03 23:39 - 00000000 ____D () C:\Users\Administrator\Downloads\Speach
2014-11-03 18:01 - 2014-11-03 18:03 - 31079968 _____ () C:\Users\Administrator\Downloads\Ivona_Reader_inst_wi_ne.exe
2014-11-03 17:12 - 2014-11-03 19:57 - 1092299089 _____ () C:\Users\Administrator\Downloads\ATT tts setup w audrey voice.rar
2014-11-03 16:18 - 2014-11-16 08:12 - 00017395 _____ () C:\Users\Administrator\Desktop\ABC 1 Page 9 Copy 2.txt
2014-11-03 08:25 - 2014-11-03 08:33 - 231177072 _____ () C:\Users\Administrator\Downloads\PowerDirector_3403_GM7_Patch_Patch_VDE141006-01.exe
2014-11-02 16:09 - 2014-11-12 23:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\CyberLink
2014-11-02 15:57 - 2014-11-02 15:57 - 00002169 _____ () C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
2014-11-02 15:57 - 2014-11-02 15:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2014-11-02 15:31 - 2014-11-02 15:31 - 00002201 _____ () C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
2014-11-02 15:31 - 2014-11-02 15:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
2014-11-02 15:28 - 2014-11-02 15:57 - 00000000 ____D () C:\Program Files\CyberLink
2014-11-02 15:24 - 2014-11-12 23:13 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-02 15:21 - 2014-11-02 15:21 - 00064218 _____ () C:\Users\Administrator\Documents\cc_20141102_142119.reg
2014-11-02 10:22 - 2014-11-02 10:22 - 00680956 _____ ( ) C:\Users\Administrator\Downloads\FreeSoundRecorder(1).exe.part
2014-11-02 09:50 - 2014-11-02 10:00 - 01029080 _____ (CyberLink) C:\Users\Administrator\Downloads\CyberLink_PowerDirector_Downloader.exe
2014-11-02 09:45 - 2014-11-02 09:48 - 00001007 _____ () C:\Users\test\Desktop\CyberLink_update 3625.lnk
2014-11-01 09:56 - 2014-11-01 09:57 - 08857025 _____ () C:\Users\Administrator\Downloads\A Time To Kill Trailer.mp4
2014-10-31 18:04 - 2014-11-12 11:22 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
2014-10-31 18:04 - 2014-10-31 18:04 - 00000000 ____D () C:\ProgramData\eSellerate
2014-10-31 17:46 - 2014-10-31 17:46 - 00039542 _____ () C:\Users\Administrator\Documents\cc_20141031_164610.reg
2014-10-31 16:55 - 2014-11-04 18:35 - 00000000 ____D () C:\Users\Administrator\Downloads\Power Direct
2014-10-29 22:02 - 2014-10-29 22:02 - 00000841 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2014-10-28 11:30 - 2014-10-28 11:30 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Nuance
2014-10-25 15:40 - 2014-10-25 15:40 - 00011896 _____ () C:\Users\Administrator\Documents\cc_20141025_154032.reg
2014-10-25 12:08 - 2014-10-25 12:08 - 02365840 _____ () C:\Users\Administrator\Downloads\SecurityTaskManager_Setup.exe
2014-10-25 08:17 - 2014-10-25 08:17 - 00003447 _____ () C:\Users\Administrator\Downloads\Win7 Editions.txt
2014-10-22 20:12 - 2014-10-22 20:12 - 00484864 _____ (Dicolab B.V.) C:\Users\Administrator\Downloads\TeamPlayer3Connect.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 23:28 - 2013-11-02 21:34 - 01811909 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 23:28 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 23:28 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 23:28 - 2009-07-14 12:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-20 23:27 - 2010-11-21 07:01 - 00785366 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-20 23:23 - 2009-07-14 14:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 23:22 - 2014-10-06 23:00 - 00200668 _____ () C:\Windows\setupact.log
2014-11-20 23:22 - 2014-10-06 22:52 - 00079526 _____ () C:\Windows\PFRO.log
2014-11-20 23:22 - 2014-10-06 22:52 - 00002592 _____ () C:\Windows\errord.log
2014-11-20 23:22 - 2011-05-13 18:15 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-11-20 22:47 - 2009-07-14 12:03 - 69206016 _____ () C:\Windows\system32\config\software.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 24379392 _____ () C:\Windows\system32\config\system.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00786432 _____ () C:\Windows\system32\config\default.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-11-20 22:46 - 2012-05-14 00:14 - 00000000 ____D () C:\Windows\ERDNT
2014-11-20 22:29 - 2013-03-19 20:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-20 22:19 - 2012-08-06 14:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2014-11-20 22:15 - 2013-11-02 20:37 - 00000000 ____D () C:\Users\Administrator
2014-11-20 22:14 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-20 22:13 - 2014-10-06 22:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-11-20 22:13 - 2014-01-26 02:12 - 00000000 ____D () C:\Program Files\TNod User & Password Finder
2014-11-20 22:13 - 2013-11-05 21:59 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-20 22:13 - 2013-11-02 20:37 - 00000000 ____D () C:\Users\test
2014-11-20 22:13 - 2013-08-28 21:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-11-20 22:12 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\registration
2014-11-20 22:06 - 2012-07-26 00:00 - 00942080 ___SH () C:\Users\Administrator\Desktop\Thumbs.db
2014-11-19 17:38 - 2013-11-03 17:00 - 00007613 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2014-11-19 09:51 - 2014-02-27 13:45 - 00015728 _____ () C:\Users\Administrator\Desktop\Provisor.txt
2014-11-18 01:45 - 2014-02-28 10:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-18 01:45 - 2014-02-28 10:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-16 10:19 - 2014-08-29 11:28 - 00000000 ___RD () C:\Users\Administrator\Downloads\Toto-FrancocCiccio
2014-11-16 09:54 - 2014-03-03 17:07 - 00000000 ____D () C:\Windows\Lhsp
2014-11-16 08:51 - 2013-07-19 22:04 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-15 11:06 - 2013-11-03 14:47 - 00141312 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-15 11:03 - 2012-01-20 12:07 - 00000000 ____D () C:\Windows\pss
2014-11-15 10:49 - 2009-07-14 14:33 - 03943296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 10:48 - 2011-04-12 12:24 - 00000000 ____D () C:\Windows\CSC
2014-11-14 18:50 - 2013-11-03 12:31 - 00000000 ____D () C:\Program Files\Software Remove Master
2014-11-14 12:10 - 2009-07-14 12:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-13 10:44 - 2012-01-17 10:50 - 00001009 _____ () C:\Windows\Brpfx04a.ini
2014-11-12 23:18 - 2013-11-20 17:15 - 00000564 _____ () C:\Users\Administrator\Downloads\fg.ini
2014-11-12 23:17 - 2014-01-11 00:56 - 00002952 _____ () C:\Windows\Sandboxie.ini
2014-11-12 23:07 - 2014-10-16 23:10 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-11-12 11:22 - 2012-01-17 10:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-11 18:36 - 2013-08-27 22:24 - 00003079 _____ () C:\Users\Administrator\AppData\Roaming\SAS7_000.DAT
2014-11-10 23:08 - 2014-09-14 09:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-11-09 10:38 - 2013-11-02 20:37 - 12845056 _____ () C:\Users\Administrator\ntuser.bak
2014-11-07 01:29 - 2014-03-01 11:06 - 00000000 ____D () C:\Users\Administrator\Downloads\IVONA Voices 2 (1.6.63)
2014-11-06 19:43 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-06 19:07 - 2014-01-25 11:50 - 01509888 ___SH () C:\Users\Administrator\Downloads\Thumbs.db
2014-11-04 12:04 - 2014-09-22 21:26 - 00000000 ____D () C:\Program Files\Free Sound Recorder
2014-11-03 12:34 - 2014-09-22 21:27 - 00000000 ____D () C:\Users\Administrator\Documents\Free Sound Recorder
2014-11-03 08:09 - 2013-11-21 16:37 - 00015682 _____ () C:\Users\Administrator\Downloads\fghelp_en.htm
2014-11-02 16:02 - 2012-07-30 10:34 - 00000056 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_654
2014-11-02 15:58 - 2013-07-19 21:45 - 00000000 ____D () C:\ProgramData\install_clap
2014-10-29 22:03 - 2013-06-24 19:55 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8
2014-10-29 22:02 - 2013-11-13 12:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\gtk-2.0
2014-10-28 13:44 - 2014-03-07 12:58 - 00000000 ____D () C:\Pdfedit
2014-10-28 11:53 - 2014-10-03 13:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Tracker Software
2014-10-28 11:30 - 2013-08-22 12:17 - 00000000 ____D () C:\ProgramData\Nuance
2014-10-28 11:11 - 2013-08-27 10:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nuance
2014-10-27 23:35 - 2014-09-29 18:47 - 00000000 ____D () C:\Users\Administrator\Desktop\Temp Wagener
2014-10-22 09:27 - 2013-11-04 11:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 12:42

==================== End Of Log ============================



#12 OCD

Posted 20 November 2014 - 08:06 PM

Hi soloio,
 

I had to run windows repair even then took a few restart

Please explain what you mean by the above statement. What steps did you take?

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
 
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

System File Checker (SFC)
  • Click on the Start button and in the Search programs and files box type the following:
    • command
  • Don't press Enter, just let the search results populate above.
  • In the search results, locate the Programs section.
  • Locate the Command Prompt shortcut and right-click on it.
  • Select Run as administrator.
  • Click Yes on the User Account Control window that appears.
  • Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
  • Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 for more information.
  • An elevated Command Prompt window will appear.
    • Type: sfc /scannow (there is a space between sfc and /scannow), then hit Enter.
  • Let the check run to completion. DO NOT reboot the PC or close the cmd window.
  • Copy & Paste the following command at the Command Prompt and press Enter:

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"
  • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
  • Copy and Paste the contents of the file into your next post.
  • After the scan runs type exit to close the command prompt window
=========================

In your next post please provide the following:
  • Fixlog.txt
  • sfcdetails.txt
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
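Added example (not part of OCD's post and not a What the Tech or Microsoft tool): a Python summariser for the sfcdetails.txt file that the findstr step produces. CBS.log keeps the [SR] lines of earlier scans too, so the sketch splits the file into runs and gives a verdict per run; treating a reset of the CSI sequence number as a run boundary is an assumption, and the second run in the sample, including its "Cannot repair member file" line, is constructed.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# One "[SR]" line as filtered out of CBS.log by findstr, for example:
# 2014-11-15 02:32:26, Info                  CSI    000001d8 [SR] Verifying 6 components
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+)\s+CSI\s+(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)
VERIFYING = re.compile(r"^Verifying (\d+)\b")
REPAIRING = re.compile(r"^Repairing (\d+) components")


@dataclass
class SfcRun:
    started: datetime
    ended: datetime
    components_verified: int = 0
    components_repaired: int = 0
    finished: bool = False               # saw "Repair complete"
    unrepaired: list = field(default_factory=list)

    @property
    def verdict(self):
        if self.unrepaired:
            return "UNREPAIRED"          # needs manual follow-up
        if not self.finished:
            return "INCOMPLETE"          # scan interrupted or paste cut short
        return "REPAIRED" if self.components_repaired else "CLEAN"


def summarise_sfc(text):
    """Split [SR] lines into scan runs and summarise each one."""
    runs, last_seq = [], None
    for raw in text.splitlines():
        m = SR_LINE.match(raw.strip())
        if not m:
            continue                     # ignore anything that is not an [SR] line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        seq = int(m["seq"], 16)
        # Assumption: the CSI counter restarts with each servicing session,
        # so a lower sequence number marks the start of a new scan.
        if last_seq is None or seq < last_seq:
            runs.append(SfcRun(started=ts, ended=ts))
        last_seq = seq
        run, msg = runs[-1], m["msg"]
        run.ended = ts
        if (v := VERIFYING.match(msg)):
            run.components_verified += int(v.group(1))
        elif (r := REPAIRING.match(msg)):
            run.components_repaired += int(r.group(1))
        elif msg.startswith("Repair complete"):
            run.finished = True
        elif msg.startswith("Cannot repair member file"):
            run.unrepaired.append(msg)
    return runs


# First run: lines in the format shown in this thread.
# Second run: CONSTRUCTED for illustration (dates, file and component names).
SAMPLE = """\
2014-11-15 02:32:21, Info                  CSI    000001d4 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:32:21, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:26, Info                  CSI    000001d7 [SR] Verify complete
2014-11-15 02:32:26, Info                  CSI    000001d8 [SR] Verifying 6 components
2014-11-15 02:32:26, Info                  CSI    000001d9 [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:27, Info                  CSI    000001db [SR] Verify complete
2014-11-15 02:32:27, Info                  CSI    000001dc [SR] Repairing 0 components
2014-11-15 02:32:27, Info                  CSI    000001dd [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:27, Info                  CSI    000001df [SR] Repair complete
2014-11-21 16:05:10, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2014-11-21 16:05:10, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-11-21 16:05:14, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, hash mismatch
2014-11-21 16:05:15, Info                  CSI    0000000d [SR] Verify complete
"""

if __name__ == "__main__":
    for n, run in enumerate(summarise_sfc(SAMPLE), 1):
        print(f"run {n}: {run.started} -> {run.ended}  "
              f"verified={run.components_verified} "
              f"repaired={run.components_repaired} verdict={run.verdict}")
        for line in run.unrepaired:
            print("   ", line)
```

Comparing each run's start time with the date the scan was requested shows whether the pasted file contains the new scan or only older ones.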










#13 soloio

Posted 21 November 2014 - 02:04 AM

HI! OCD

At startup Windows failed to start at the first Windows screen (when the Windows picture appears) and restarted automatically; then it gave the option to start Windows normally or to run Startup Repair.

After trying to start normally a couple of times I had to run Windows Startup Repair. After running Startup Repair it failed to start; it took a few restarts before it eventually went into Windows and started Windows.

TODAY SCAN

Please tell me what I am doing wrong!!

I ran FRST as instructed, clicked FIX and walked away from the computer.

I returned about 10 minutes later and saw FIXLOG.TXT on the desktop. FRST was still running; however, the GREEN bar across the program window did not run or move.

20 minutes later I clicked to close the program and it would not close. I clicked to open the text report and could not open it. I clicked FRST again to close it and it would not close, and nothing else would open. I pressed Ctrl + Alt + Del to run Task Manager and it did not open. 30 minutes later, same thing, everything frozen. 40 minutes later I pressed the reset button to restart the computer.

The computer started correctly, no problem. The FRST window said: Farbar Recovery Scan Tool (Not Responding), next line: Fixing in Progress Please Wait.

I believe the same thing happened the last time I used it. Did I do it wrong??

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-11-2014
Ran by Administrator at 2014-11-21 15:30:16 Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
End
*****************

 

 

2014-11-15 02:22:52, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:22:52, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-11-15 02:22:57, Info                  CSI    0000000c [SR] Verify complete
2014-11-15 02:22:57, Info                  CSI    0000000d [SR] Verifying 100 (0x00000064) components
2014-11-15 02:22:57, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:02, Info                  CSI    00000010 [SR] Verify complete
2014-11-15 02:23:03, Info                  CSI    00000011 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:03, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:08, Info                  CSI    00000014 [SR] Verify complete
2014-11-15 02:23:09, Info                  CSI    00000015 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:09, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:12, Info                  CSI    00000018 [SR] Verify complete
2014-11-15 02:23:12, Info                  CSI    00000019 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:12, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:15, Info                  CSI    0000001c [SR] Verify complete
2014-11-15 02:23:16, Info                  CSI    0000001d [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:16, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:19, Info                  CSI    00000020 [SR] Verify complete
2014-11-15 02:23:19, Info                  CSI    00000021 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:19, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:22, Info                  CSI    00000024 [SR] Verify complete
2014-11-15 02:23:23, Info                  CSI    00000025 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:23, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:25, Info                  CSI    00000028 [SR] Verify complete
2014-11-15 02:23:26, Info                  CSI    00000029 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:26, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:28, Info                  CSI    0000002c [SR] Verify complete
2014-11-15 02:23:29, Info                  CSI    0000002d [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:29, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:32, Info                  CSI    00000030 [SR] Verify complete
2014-11-15 02:23:32, Info                  CSI    00000031 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:32, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:36, Info                  CSI    00000034 [SR] Verify complete
2014-11-15 02:23:37, Info                  CSI    00000035 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:37, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:41, Info                  CSI    00000038 [SR] Verify complete
2014-11-15 02:23:41, Info                  CSI    00000039 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:41, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:45, Info                  CSI    0000003c [SR] Verify complete
2014-11-15 02:23:46, Info                  CSI    0000003d [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:46, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:49, Info                  CSI    00000040 [SR] Verify complete
2014-11-15 02:23:49, Info                  CSI    00000041 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:49, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:53, Info                  CSI    00000044 [SR] Verify complete
2014-11-15 02:23:53, Info                  CSI    00000045 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:53, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2014-11-15 02:23:58, Info                  CSI    00000048 [SR] Verify complete
2014-11-15 02:23:58, Info                  CSI    00000049 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:23:58, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2014-11-15 02:24:01, Info                  CSI    0000004c [SR] Verify complete
2014-11-15 02:24:01, Info                  CSI    0000004d [SR] Verifying 100 (0x00000064) components
2014-11-15 02:24:01, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2014-11-15 02:24:04, Info                  CSI    00000050 [SR] Verify complete
2014-11-15 02:24:04, Info                  CSI    00000051 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:24:04, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2014-11-15 02:24:12, Info                  CSI    00000054 [SR] Verify complete
2014-11-15 02:24:13, Info                  CSI    00000055 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:24:13, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2014-11-15 02:24:19, Info                  CSI    00000059 [SR] Verify complete
2014-11-15 02:24:19, Info                  CSI    0000005a [SR] Verifying 100 (0x00000064) components
2014-11-15 02:24:19, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2014-11-15 02:24:24, Info                  CSI    0000005e [SR] Verify complete
2014-11-15 02:24:25, Info                  CSI    0000005f [SR] Verifying 100 (0x00000064) components
2014-11-15 02:24:25, Info                  CSI    00000060 [SR] Beginning Verify and Repair transaction
2014-11-15 02:24:30, Info                  CSI    00000064 [SR] Verify complete
2014-11-15 02:24:31, Info                  CSI    00000065 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:24:31, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2014-11-15 02:24:37, Info                  CSI    0000006a [SR] Verify complete
2014-11-15 02:24:37, Info                  CSI    0000006b [SR] Verifying 100 (0x00000064) components
2014-11-15 02:24:37, Info                  CSI    0000006c [SR] Beginning Verify and Repair transaction
2014-11-15 02:24:44, Info                  CSI    00000076 [SR] Verify complete
2014-11-15 02:24:45, Info                  CSI    00000077 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:24:45, Info                  CSI    00000078 [SR] Beginning Verify and Repair transaction
2014-11-15 02:24:51, Info                  CSI    0000007a [SR] Verify complete
2014-11-15 02:24:51, Info                  CSI    0000007b [SR] Verifying 100 (0x00000064) components
2014-11-15 02:24:51, Info                  CSI    0000007c [SR] Beginning Verify and Repair transaction
2014-11-15 02:24:59, Info                  CSI    0000007e [SR] Verify complete
2014-11-15 02:24:59, Info                  CSI    0000007f [SR] Verifying 100 (0x00000064) components
2014-11-15 02:24:59, Info                  CSI    00000080 [SR] Beginning Verify and Repair transaction
2014-11-15 02:25:04, Info                  CSI    00000082 [SR] Verify complete
2014-11-15 02:25:04, Info                  CSI    00000083 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:25:04, Info                  CSI    00000084 [SR] Beginning Verify and Repair transaction
2014-11-15 02:25:11, Info                  CSI    00000086 [SR] Verify complete
2014-11-15 02:25:11, Info                  CSI    00000087 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:25:11, Info                  CSI    00000088 [SR] Beginning Verify and Repair transaction
2014-11-15 02:25:17, Info                  CSI    0000008a [SR] Verify complete
2014-11-15 02:25:17, Info                  CSI    0000008b [SR] Verifying 100 (0x00000064) components
2014-11-15 02:25:17, Info                  CSI    0000008c [SR] Beginning Verify and Repair transaction
2014-11-15 02:25:23, Info                  CSI    0000008e [SR] Verify complete
2014-11-15 02:25:23, Info                  CSI    0000008f [SR] Verifying 100 (0x00000064) components
2014-11-15 02:25:23, Info                  CSI    00000090 [SR] Beginning Verify and Repair transaction
2014-11-15 02:25:33, Info                  CSI    00000094 [SR] Verify complete
2014-11-15 02:25:33, Info                  CSI    00000095 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:25:33, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2014-11-15 02:25:43, Info                  CSI    00000098 [SR] Verify complete
2014-11-15 02:25:43, Info                  CSI    00000099 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:25:43, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
2014-11-15 02:25:53, Info                  CSI    0000009c [SR] Verify complete
2014-11-15 02:25:54, Info                  CSI    0000009d [SR] Verifying 100 (0x00000064) components
2014-11-15 02:25:54, Info                  CSI    0000009e [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:06, Info                  CSI    000000a0 [SR] Verify complete
2014-11-15 02:26:06, Info                  CSI    000000a1 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:06, Info                  CSI    000000a2 [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:09, Info                  CSI    000000a4 [SR] Verify complete
2014-11-15 02:26:10, Info                  CSI    000000a5 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:10, Info                  CSI    000000a6 [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:11, Info                  CSI    000000a8 [SR] Verify complete
2014-11-15 02:26:11, Info                  CSI    000000a9 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:11, Info                  CSI    000000aa [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:13, Info                  CSI    000000ac [SR] Verify complete
2014-11-15 02:26:13, Info                  CSI    000000ad [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:13, Info                  CSI    000000ae [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:20, Info                  CSI    000000bf [SR] Verify complete
2014-11-15 02:26:21, Info                  CSI    000000c0 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:21, Info                  CSI    000000c1 [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:26, Info                  CSI    000000d0 [SR] Verify complete
2014-11-15 02:26:26, Info                  CSI    000000d1 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:26, Info                  CSI    000000d2 [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:28, Info                  CSI    000000d4 [SR] Verify complete
2014-11-15 02:26:28, Info                  CSI    000000d5 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:28, Info                  CSI    000000d6 [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:33, Info                  CSI    000000d8 [SR] Verify complete
2014-11-15 02:26:33, Info                  CSI    000000d9 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:33, Info                  CSI    000000da [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:38, Info                  CSI    000000dc [SR] Verify complete
2014-11-15 02:26:38, Info                  CSI    000000dd [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:38, Info                  CSI    000000de [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:46, Info                  CSI    000000e0 [SR] Verify complete
2014-11-15 02:26:47, Info                  CSI    000000e1 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:47, Info                  CSI    000000e2 [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:54, Info                  CSI    000000e5 [SR] Verify complete
2014-11-15 02:26:55, Info                  CSI    000000e6 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:55, Info                  CSI    000000e7 [SR] Beginning Verify and Repair transaction
2014-11-15 02:26:57, Info                  CSI    000000e9 [SR] Verify complete
2014-11-15 02:26:58, Info                  CSI    000000ea [SR] Verifying 100 (0x00000064) components
2014-11-15 02:26:58, Info                  CSI    000000eb [SR] Beginning Verify and Repair transaction
2014-11-15 02:27:00, Info                  CSI    000000ed [SR] Verify complete
2014-11-15 02:27:00, Info                  CSI    000000ee [SR] Verifying 100 (0x00000064) components
2014-11-15 02:27:00, Info                  CSI    000000ef [SR] Beginning Verify and Repair transaction
2014-11-15 02:27:08, Info                  CSI    000000f1 [SR] Verify complete
2014-11-15 02:27:08, Info                  CSI    000000f2 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:27:08, Info                  CSI    000000f3 [SR] Beginning Verify and Repair transaction
2014-11-15 02:27:13, Info                  CSI    000000f5 [SR] Verify complete
2014-11-15 02:27:13, Info                  CSI    000000f6 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:27:13, Info                  CSI    000000f7 [SR] Beginning Verify and Repair transaction
2014-11-15 02:27:19, Info                  CSI    000000f9 [SR] Verify complete
2014-11-15 02:27:19, Info                  CSI    000000fa [SR] Verifying 100 (0x00000064) components
2014-11-15 02:27:19, Info                  CSI    000000fb [SR] Beginning Verify and Repair transaction
2014-11-15 02:27:29, Info                  CSI    00000108 [SR] Verify complete
2014-11-15 02:27:29, Info                  CSI    00000109 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:27:29, Info                  CSI    0000010a [SR] Beginning Verify and Repair transaction
2014-11-15 02:27:36, Info                  CSI    00000125 [SR] Verify complete
2014-11-15 02:27:36, Info                  CSI    00000126 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:27:36, Info                  CSI    00000127 [SR] Beginning Verify and Repair transaction
2014-11-15 02:27:43, Info                  CSI    00000129 [SR] Verify complete
2014-11-15 02:27:44, Info                  CSI    0000012a [SR] Verifying 100 (0x00000064) components
2014-11-15 02:27:44, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
2014-11-15 02:27:59, Info                  CSI    0000012d [SR] Verify complete
2014-11-15 02:28:00, Info                  CSI    0000012e [SR] Verifying 100 (0x00000064) components
2014-11-15 02:28:00, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
2014-11-15 02:28:11, Info                  CSI    00000132 [SR] Verify complete
2014-11-15 02:28:11, Info                  CSI    00000133 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:28:11, Info                  CSI    00000134 [SR] Beginning Verify and Repair transaction
2014-11-15 02:28:19, Info                  CSI    00000136 [SR] Verify complete
2014-11-15 02:28:19, Info                  CSI    00000137 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:28:19, Info                  CSI    00000138 [SR] Beginning Verify and Repair transaction
2014-11-15 02:28:24, Info                  CSI    0000013a [SR] Verify complete
2014-11-15 02:28:25, Info                  CSI    0000013b [SR] Verifying 100 (0x00000064) components
2014-11-15 02:28:25, Info                  CSI    0000013c [SR] Beginning Verify and Repair transaction
2014-11-15 02:28:30, Info                  CSI    0000013e [SR] Verify complete
2014-11-15 02:28:30, Info                  CSI    0000013f [SR] Verifying 100 (0x00000064) components
2014-11-15 02:28:30, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
2014-11-15 02:28:35, Info                  CSI    00000142 [SR] Verify complete
2014-11-15 02:28:35, Info                  CSI    00000143 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:28:35, Info                  CSI    00000144 [SR] Beginning Verify and Repair transaction
2014-11-15 02:28:40, Info                  CSI    00000147 [SR] Verify complete
2014-11-15 02:28:40, Info                  CSI    00000148 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:28:40, Info                  CSI    00000149 [SR] Beginning Verify and Repair transaction
2014-11-15 02:28:44, Info                  CSI    0000014b [SR] Verify complete
2014-11-15 02:28:44, Info                  CSI    0000014c [SR] Verifying 100 (0x00000064) components
2014-11-15 02:28:44, Info                  CSI    0000014d [SR] Beginning Verify and Repair transaction
2014-11-15 02:28:58, Info                  CSI    0000014f [SR] Verify complete
2014-11-15 02:28:58, Info                  CSI    00000150 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:28:58, Info                  CSI    00000151 [SR] Beginning Verify and Repair transaction
2014-11-15 02:29:07, Info                  CSI    00000154 [SR] Verify complete
2014-11-15 02:29:07, Info                  CSI    00000155 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:29:07, Info                  CSI    00000156 [SR] Beginning Verify and Repair transaction
2014-11-15 02:29:12, Info                  CSI    00000158 [SR] Verify complete
2014-11-15 02:29:13, Info                  CSI    00000159 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:29:13, Info                  CSI    0000015a [SR] Beginning Verify and Repair transaction
2014-11-15 02:29:20, Info                  CSI    0000015c [SR] Verify complete
2014-11-15 02:29:20, Info                  CSI    0000015d [SR] Verifying 100 (0x00000064) components
2014-11-15 02:29:20, Info                  CSI    0000015e [SR] Beginning Verify and Repair transaction
2014-11-15 02:29:30, Info                  CSI    00000161 [SR] Verify complete
2014-11-15 02:29:30, Info                  CSI    00000162 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:29:30, Info                  CSI    00000163 [SR] Beginning Verify and Repair transaction
2014-11-15 02:29:35, Info                  CSI    00000165 [SR] Verify complete
2014-11-15 02:29:35, Info                  CSI    00000166 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:29:35, Info                  CSI    00000167 [SR] Beginning Verify and Repair transaction
2014-11-15 02:29:41, Info                  CSI    00000169 [SR] Verify complete
2014-11-15 02:29:41, Info                  CSI    0000016a [SR] Verifying 100 (0x00000064) components
2014-11-15 02:29:41, Info                  CSI    0000016b [SR] Beginning Verify and Repair transaction
2014-11-15 02:29:47, Info                  CSI    0000016d [SR] Verify complete
2014-11-15 02:29:47, Info                  CSI    0000016e [SR] Verifying 100 (0x00000064) components
2014-11-15 02:29:47, Info                  CSI    0000016f [SR] Beginning Verify and Repair transaction
2014-11-15 02:29:53, Info                  CSI    00000172 [SR] Verify complete
2014-11-15 02:29:54, Info                  CSI    00000173 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:29:54, Info                  CSI    00000174 [SR] Beginning Verify and Repair transaction
2014-11-15 02:30:01, Info                  CSI    00000176 [SR] Verify complete
2014-11-15 02:30:01, Info                  CSI    00000177 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:30:01, Info                  CSI    00000178 [SR] Beginning Verify and Repair transaction
2014-11-15 02:30:04, Info                  CSI    0000017a [SR] Verify complete
2014-11-15 02:30:05, Info                  CSI    0000017b [SR] Verifying 100 (0x00000064) components
2014-11-15 02:30:05, Info                  CSI    0000017c [SR] Beginning Verify and Repair transaction
2014-11-15 02:30:10, Info                  CSI    0000017e [SR] Verify complete
2014-11-15 02:30:10, Info                  CSI    0000017f [SR] Verifying 100 (0x00000064) components
2014-11-15 02:30:10, Info                  CSI    00000180 [SR] Beginning Verify and Repair transaction
2014-11-15 02:30:17, Info                  CSI    00000183 [SR] Verify complete
2014-11-15 02:30:17, Info                  CSI    00000184 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:30:17, Info                  CSI    00000185 [SR] Beginning Verify and Repair transaction
2014-11-15 02:30:23, Info                  CSI    00000187 [SR] Verify complete
2014-11-15 02:30:23, Info                  CSI    00000188 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:30:23, Info                  CSI    00000189 [SR] Beginning Verify and Repair transaction
2014-11-15 02:30:30, Info                  CSI    0000018b [SR] Verify complete
2014-11-15 02:30:30, Info                  CSI    0000018c [SR] Verifying 100 (0x00000064) components
2014-11-15 02:30:30, Info                  CSI    0000018d [SR] Beginning Verify and Repair transaction
2014-11-15 02:30:37, Info                  CSI    0000018f [SR] Verify complete
2014-11-15 02:30:37, Info                  CSI    00000190 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:30:37, Info                  CSI    00000191 [SR] Beginning Verify and Repair transaction
2014-11-15 02:30:43, Info                  CSI    00000193 [SR] Verify complete
2014-11-15 02:30:43, Info                  CSI    00000194 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:30:43, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2014-11-15 02:30:47, Info                  CSI    00000197 [SR] Verify complete
2014-11-15 02:30:47, Info                  CSI    00000198 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:30:47, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2014-11-15 02:30:51, Info                  CSI    0000019b [SR] Verify complete
2014-11-15 02:30:51, Info                  CSI    0000019c [SR] Verifying 100 (0x00000064) components
2014-11-15 02:30:51, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2014-11-15 02:30:56, Info                  CSI    0000019f [SR] Verify complete
2014-11-15 02:30:56, Info                  CSI    000001a0 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:30:56, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2014-11-15 02:31:02, Info                  CSI    000001a3 [SR] Verify complete
2014-11-15 02:31:02, Info                  CSI    000001a4 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:31:02, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
2014-11-15 02:31:08, Info                  CSI    000001a7 [SR] Verify complete
2014-11-15 02:31:08, Info                  CSI    000001a8 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:31:08, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
2014-11-15 02:31:11, Info                  CSI    000001ab [SR] Verify complete
2014-11-15 02:31:11, Info                  CSI    000001ac [SR] Verifying 100 (0x00000064) components
2014-11-15 02:31:11, Info                  CSI    000001ad [SR] Beginning Verify and Repair transaction
2014-11-15 02:31:19, Info                  CSI    000001af [SR] Verify complete
2014-11-15 02:31:19, Info                  CSI    000001b0 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:31:19, Info                  CSI    000001b1 [SR] Beginning Verify and Repair transaction
2014-11-15 02:31:44, Info                  CSI    000001b3 [SR] Verify complete
2014-11-15 02:31:44, Info                  CSI    000001b4 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:31:44, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
2014-11-15 02:31:53, Info                  CSI    000001b7 [SR] Verify complete
2014-11-15 02:31:53, Info                  CSI    000001b8 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:31:53, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:00, Info                  CSI    000001bb [SR] Verify complete
2014-11-15 02:32:01, Info                  CSI    000001bc [SR] Verifying 100 (0x00000064) components
2014-11-15 02:32:01, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:04, Info                  CSI    000001bf [SR] Verify complete
2014-11-15 02:32:04, Info                  CSI    000001c0 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:32:04, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:08, Info                  CSI    000001c3 [SR] Verify complete
2014-11-15 02:32:08, Info                  CSI    000001c4 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:32:08, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:13, Info                  CSI    000001c7 [SR] Verify complete
2014-11-15 02:32:13, Info                  CSI    000001c8 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:32:13, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:18, Info                  CSI    000001cb [SR] Verify complete
2014-11-15 02:32:18, Info                  CSI    000001cc [SR] Verifying 100 (0x00000064) components
2014-11-15 02:32:18, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:19, Info                  CSI    000001cf [SR] Verify complete
2014-11-15 02:32:19, Info                  CSI    000001d0 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:32:19, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:20, Info                  CSI    000001d3 [SR] Verify complete
2014-11-15 02:32:21, Info                  CSI    000001d4 [SR] Verifying 100 (0x00000064) components
2014-11-15 02:32:21, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:26, Info                  CSI    000001d7 [SR] Verify complete
2014-11-15 02:32:26, Info                  CSI    000001d8 [SR] Verifying 6 components
2014-11-15 02:32:26, Info                  CSI    000001d9 [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:27, Info                  CSI    000001db [SR] Verify complete
2014-11-15 02:32:27, Info                  CSI    000001dc [SR] Repairing 0 components
2014-11-15 02:32:27, Info                  CSI    000001dd [SR] Beginning Verify and Repair transaction
2014-11-15 02:32:27, Info                  CSI    000001df [SR] Repair complete
2014-11-15 09:22:41, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:22:41, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-11-15 09:22:45, Info                  CSI    0000000c [SR] Verify complete
2014-11-15 09:22:46, Info                  CSI    0000000d [SR] Verifying 100 (0x00000064) components
2014-11-15 09:22:46, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-11-15 09:22:50, Info                  CSI    00000010 [SR] Verify complete
2014-11-15 09:22:50, Info                  CSI    00000011 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:22:50, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2014-11-15 09:22:54, Info                  CSI    00000014 [SR] Verify complete
2014-11-15 09:22:55, Info                  CSI    00000015 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:22:55, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-11-15 09:22:57, Info                  CSI    00000018 [SR] Verify complete
2014-11-15 09:22:58, Info                  CSI    00000019 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:22:58, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:00, Info                  CSI    0000001c [SR] Verify complete
2014-11-15 09:23:00, Info                  CSI    0000001d [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:00, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:02, Info                  CSI    00000020 [SR] Verify complete
2014-11-15 09:23:03, Info                  CSI    00000021 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:03, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:05, Info                  CSI    00000024 [SR] Verify complete
2014-11-15 09:23:05, Info                  CSI    00000025 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:05, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:07, Info                  CSI    00000028 [SR] Verify complete
2014-11-15 09:23:08, Info                  CSI    00000029 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:08, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:10, Info                  CSI    0000002c [SR] Verify complete
2014-11-15 09:23:10, Info                  CSI    0000002d [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:10, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:12, Info                  CSI    00000030 [SR] Verify complete
2014-11-15 09:23:13, Info                  CSI    00000031 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:13, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:16, Info                  CSI    00000034 [SR] Verify complete
2014-11-15 09:23:17, Info                  CSI    00000035 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:17, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:20, Info                  CSI    00000038 [SR] Verify complete
2014-11-15 09:23:20, Info                  CSI    00000039 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:20, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:23, Info                  CSI    0000003c [SR] Verify complete
2014-11-15 09:23:24, Info                  CSI    0000003d [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:24, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:26, Info                  CSI    00000040 [SR] Verify complete
2014-11-15 09:23:26, Info                  CSI    00000041 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:26, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:29, Info                  CSI    00000044 [SR] Verify complete
2014-11-15 09:23:29, Info                  CSI    00000045 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:29, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:34, Info                  CSI    00000048 [SR] Verify complete
2014-11-15 09:23:34, Info                  CSI    00000049 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:34, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:37, Info                  CSI    0000004c [SR] Verify complete
2014-11-15 09:23:37, Info                  CSI    0000004d [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:37, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:40, Info                  CSI    00000050 [SR] Verify complete
2014-11-15 09:23:40, Info                  CSI    00000051 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:40, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:47, Info                  CSI    00000054 [SR] Verify complete
2014-11-15 09:23:47, Info                  CSI    00000055 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:47, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:53, Info                  CSI    00000059 [SR] Verify complete
2014-11-15 09:23:53, Info                  CSI    0000005a [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:53, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2014-11-15 09:23:57, Info                  CSI    0000005e [SR] Verify complete
2014-11-15 09:23:57, Info                  CSI    0000005f [SR] Verifying 100 (0x00000064) components
2014-11-15 09:23:57, Info                  CSI    00000060 [SR] Beginning Verify and Repair transaction
2014-11-15 09:24:01, Info                  CSI    00000064 [SR] Verify complete
2014-11-15 09:24:02, Info                  CSI    00000065 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:24:02, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2014-11-15 09:24:07, Info                  CSI    0000006a [SR] Verify complete
2014-11-15 09:24:07, Info                  CSI    0000006b [SR] Verifying 100 (0x00000064) components
2014-11-15 09:24:07, Info                  CSI    0000006c [SR] Beginning Verify and Repair transaction
2014-11-15 09:24:15, Info                  CSI    00000076 [SR] Verify complete
2014-11-15 09:24:15, Info                  CSI    00000077 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:24:15, Info                  CSI    00000078 [SR] Beginning Verify and Repair transaction
2014-11-15 09:24:20, Info                  CSI    0000007a [SR] Verify complete
2014-11-15 09:24:20, Info                  CSI    0000007b [SR] Verifying 100 (0x00000064) components
2014-11-15 09:24:20, Info                  CSI    0000007c [SR] Beginning Verify and Repair transaction
2014-11-15 09:24:27, Info                  CSI    0000007e [SR] Verify complete
2014-11-15 09:24:27, Info                  CSI    0000007f [SR] Verifying 100 (0x00000064) components
2014-11-15 09:24:27, Info                  CSI    00000080 [SR] Beginning Verify and Repair transaction
2014-11-15 09:24:31, Info                  CSI    00000082 [SR] Verify complete
2014-11-15 09:24:31, Info                  CSI    00000083 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:24:31, Info                  CSI    00000084 [SR] Beginning Verify and Repair transaction
2014-11-15 09:24:36, Info                  CSI    00000086 [SR] Verify complete
2014-11-15 09:24:36, Info                  CSI    00000087 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:24:36, Info                  CSI    00000088 [SR] Beginning Verify and Repair transaction
2014-11-15 09:24:41, Info                  CSI    0000008a [SR] Verify complete
2014-11-15 09:24:41, Info                  CSI    0000008b [SR] Verifying 100 (0x00000064) components
2014-11-15 09:24:41, Info                  CSI    0000008c [SR] Beginning Verify and Repair transaction
2014-11-15 09:24:47, Info                  CSI    0000008e [SR] Verify complete
2014-11-15 09:24:47, Info                  CSI    0000008f [SR] Verifying 100 (0x00000064) components
2014-11-15 09:24:47, Info                  CSI    00000090 [SR] Beginning Verify and Repair transaction
2014-11-15 09:24:59, Info                  CSI    00000094 [SR] Verify complete
2014-11-15 09:25:00, Info                  CSI    00000095 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:25:00, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2014-11-15 09:25:09, Info                  CSI    00000098 [SR] Verify complete
2014-11-15 09:25:10, Info                  CSI    00000099 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:25:10, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
2014-11-15 09:25:20, Info                  CSI    0000009c [SR] Verify complete
2014-11-15 09:25:20, Info                  CSI    0000009d [SR] Verifying 100 (0x00000064) components
2014-11-15 09:25:20, Info                  CSI    0000009e [SR] Beginning Verify and Repair transaction
2014-11-15 09:25:32, Info                  CSI    000000a0 [SR] Verify complete
2014-11-15 09:25:32, Info                  CSI    000000a1 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:25:32, Info                  CSI    000000a2 [SR] Beginning Verify and Repair transaction
2014-11-15 09:25:35, Info                  CSI    000000a4 [SR] Verify complete
2014-11-15 09:25:36, Info                  CSI    000000a5 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:25:36, Info                  CSI    000000a6 [SR] Beginning Verify and Repair transaction
2014-11-15 09:25:37, Info                  CSI    000000a8 [SR] Verify complete
2014-11-15 09:25:38, Info                  CSI    000000a9 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:25:38, Info                  CSI    000000aa [SR] Beginning Verify and Repair transaction
2014-11-15 09:25:39, Info                  CSI    000000ac [SR] Verify complete
2014-11-15 09:25:40, Info                  CSI    000000ad [SR] Verifying 100 (0x00000064) components
2014-11-15 09:25:40, Info                  CSI    000000ae [SR] Beginning Verify and Repair transaction
2014-11-15 09:25:47, Info                  CSI    000000bf [SR] Verify complete
2014-11-15 09:25:47, Info                  CSI    000000c0 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:25:47, Info                  CSI    000000c1 [SR] Beginning Verify and Repair transaction
2014-11-15 09:25:52, Info                  CSI    000000d0 [SR] Verify complete
2014-11-15 09:25:52, Info                  CSI    000000d1 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:25:52, Info                  CSI    000000d2 [SR] Beginning Verify and Repair transaction
2014-11-15 09:25:54, Info                  CSI    000000d4 [SR] Verify complete
2014-11-15 09:25:54, Info                  CSI    000000d5 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:25:54, Info                  CSI    000000d6 [SR] Beginning Verify and Repair transaction
2014-11-15 09:25:58, Info                  CSI    000000d8 [SR] Verify complete
2014-11-15 09:25:58, Info                  CSI    000000d9 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:25:58, Info                  CSI    000000da [SR] Beginning Verify and Repair transaction
2014-11-15 09:26:03, Info                  CSI    000000dc [SR] Verify complete
2014-11-15 09:26:03, Info                  CSI    000000dd [SR] Verifying 100 (0x00000064) components
2014-11-15 09:26:03, Info                  CSI    000000de [SR] Beginning Verify and Repair transaction
2014-11-15 09:26:10, Info                  CSI    000000e0 [SR] Verify complete
2014-11-15 09:26:11, Info                  CSI    000000e1 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:26:11, Info                  CSI    000000e2 [SR] Beginning Verify and Repair transaction
2014-11-15 09:26:18, Info                  CSI    000000e5 [SR] Verify complete
2014-11-15 09:26:18, Info                  CSI    000000e6 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:26:18, Info                  CSI    000000e7 [SR] Beginning Verify and Repair transaction
2014-11-15 09:26:20, Info                  CSI    000000e9 [SR] Verify complete
2014-11-15 09:26:21, Info                  CSI    000000ea [SR] Verifying 100 (0x00000064) components
2014-11-15 09:26:21, Info                  CSI    000000eb [SR] Beginning Verify and Repair transaction
2014-11-15 09:26:23, Info                  CSI    000000ed [SR] Verify complete
2014-11-15 09:26:23, Info                  CSI    000000ee [SR] Verifying 100 (0x00000064) components
2014-11-15 09:26:23, Info                  CSI    000000ef [SR] Beginning Verify and Repair transaction
2014-11-15 09:26:29, Info                  CSI    000000f1 [SR] Verify complete
2014-11-15 09:26:29, Info                  CSI    000000f2 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:26:29, Info                  CSI    000000f3 [SR] Beginning Verify and Repair transaction
2014-11-15 09:26:34, Info                  CSI    000000f5 [SR] Verify complete
2014-11-15 09:26:34, Info                  CSI    000000f6 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:26:34, Info                  CSI    000000f7 [SR] Beginning Verify and Repair transaction
2014-11-15 09:26:40, Info                  CSI    000000f9 [SR] Verify complete
2014-11-15 09:26:40, Info                  CSI    000000fa [SR] Verifying 100 (0x00000064) components
2014-11-15 09:26:40, Info                  CSI    000000fb [SR] Beginning Verify and Repair transaction
2014-11-15 09:26:48, Info                  CSI    00000108 [SR] Verify complete
2014-11-15 09:26:49, Info                  CSI    00000109 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:26:49, Info                  CSI    0000010a [SR] Beginning Verify and Repair transaction
2014-11-15 09:26:55, Info                  CSI    00000125 [SR] Verify complete
2014-11-15 09:26:55, Info                  CSI    00000126 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:26:55, Info                  CSI    00000127 [SR] Beginning Verify and Repair transaction
2014-11-15 09:27:02, Info                  CSI    00000129 [SR] Verify complete
2014-11-15 09:27:03, Info                  CSI    0000012a [SR] Verifying 100 (0x00000064) components
2014-11-15 09:27:03, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
2014-11-15 09:27:18, Info                  CSI    0000012d [SR] Verify complete
2014-11-15 09:27:19, Info                  CSI    0000012e [SR] Verifying 100 (0x00000064) components
2014-11-15 09:27:19, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
2014-11-15 09:27:30, Info                  CSI    00000132 [SR] Verify complete
2014-11-15 09:27:30, Info                  CSI    00000133 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:27:30, Info                  CSI    00000134 [SR] Beginning Verify and Repair transaction
2014-11-15 09:27:38, Info                  CSI    00000136 [SR] Verify complete
2014-11-15 09:27:38, Info                  CSI    00000137 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:27:38, Info                  CSI    00000138 [SR] Beginning Verify and Repair transaction
2014-11-15 09:27:42, Info                  CSI    0000013a [SR] Verify complete
2014-11-15 09:27:43, Info                  CSI    0000013b [SR] Verifying 100 (0x00000064) components
2014-11-15 09:27:43, Info                  CSI    0000013c [SR] Beginning Verify and Repair transaction
2014-11-15 09:27:48, Info                  CSI    0000013e [SR] Verify complete
2014-11-15 09:27:48, Info                  CSI    0000013f [SR] Verifying 100 (0x00000064) components
2014-11-15 09:27:48, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
2014-11-15 09:27:52, Info                  CSI    00000142 [SR] Verify complete
2014-11-15 09:27:52, Info                  CSI    00000143 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:27:52, Info                  CSI    00000144 [SR] Beginning Verify and Repair transaction
2014-11-15 09:27:57, Info                  CSI    00000147 [SR] Verify complete
2014-11-15 09:27:58, Info                  CSI    00000148 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:27:58, Info                  CSI    00000149 [SR] Beginning Verify and Repair transaction
2014-11-15 09:28:01, Info                  CSI    0000014b [SR] Verify complete
2014-11-15 09:28:02, Info                  CSI    0000014c [SR] Verifying 100 (0x00000064) components
2014-11-15 09:28:02, Info                  CSI    0000014d [SR] Beginning Verify and Repair transaction
2014-11-15 09:28:17, Info                  CSI    0000014f [SR] Verify complete
2014-11-15 09:28:17, Info                  CSI    00000150 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:28:17, Info                  CSI    00000151 [SR] Beginning Verify and Repair transaction
2014-11-15 09:28:26, Info                  CSI    00000154 [SR] Verify complete
2014-11-15 09:28:26, Info                  CSI    00000155 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:28:26, Info                  CSI    00000156 [SR] Beginning Verify and Repair transaction
2014-11-15 09:28:32, Info                  CSI    00000158 [SR] Verify complete
2014-11-15 09:28:32, Info                  CSI    00000159 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:28:32, Info                  CSI    0000015a [SR] Beginning Verify and Repair transaction
2014-11-15 09:28:39, Info                  CSI    0000015c [SR] Verify complete
2014-11-15 09:28:39, Info                  CSI    0000015d [SR] Verifying 100 (0x00000064) components
2014-11-15 09:28:39, Info                  CSI    0000015e [SR] Beginning Verify and Repair transaction
2014-11-15 09:28:49, Info                  CSI    00000161 [SR] Verify complete
2014-11-15 09:28:50, Info                  CSI    00000162 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:28:50, Info                  CSI    00000163 [SR] Beginning Verify and Repair transaction
2014-11-15 09:28:55, Info                  CSI    00000165 [SR] Verify complete
2014-11-15 09:28:55, Info                  CSI    00000166 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:28:55, Info                  CSI    00000167 [SR] Beginning Verify and Repair transaction
2014-11-15 09:29:01, Info                  CSI    00000169 [SR] Verify complete
2014-11-15 09:29:01, Info                  CSI    0000016a [SR] Verifying 100 (0x00000064) components
2014-11-15 09:29:01, Info                  CSI    0000016b [SR] Beginning Verify and Repair transaction
2014-11-15 09:29:07, Info                  CSI    0000016d [SR] Verify complete
2014-11-15 09:29:07, Info                  CSI    0000016e [SR] Verifying 100 (0x00000064) components
2014-11-15 09:29:07, Info                  CSI    0000016f [SR] Beginning Verify and Repair transaction
2014-11-15 09:29:14, Info                  CSI    00000172 [SR] Verify complete
2014-11-15 09:29:14, Info                  CSI    00000173 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:29:14, Info                  CSI    00000174 [SR] Beginning Verify and Repair transaction
2014-11-15 09:29:21, Info                  CSI    00000176 [SR] Verify complete
2014-11-15 09:29:22, Info                  CSI    00000177 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:29:22, Info                  CSI    00000178 [SR] Beginning Verify and Repair transaction
2014-11-15 09:29:25, Info                  CSI    0000017a [SR] Verify complete
2014-11-15 09:29:25, Info                  CSI    0000017b [SR] Verifying 100 (0x00000064) components
2014-11-15 09:29:25, Info                  CSI    0000017c [SR] Beginning Verify and Repair transaction
2014-11-15 09:29:31, Info                  CSI    0000017e [SR] Verify complete
2014-11-15 09:29:31, Info                  CSI    0000017f [SR] Verifying 100 (0x00000064) components
2014-11-15 09:29:31, Info                  CSI    00000180 [SR] Beginning Verify and Repair transaction
2014-11-15 09:29:38, Info                  CSI    00000183 [SR] Verify complete
2014-11-15 09:29:38, Info                  CSI    00000184 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:29:38, Info                  CSI    00000185 [SR] Beginning Verify and Repair transaction
2014-11-15 09:29:44, Info                  CSI    00000187 [SR] Verify complete
2014-11-15 09:29:44, Info                  CSI    00000188 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:29:44, Info                  CSI    00000189 [SR] Beginning Verify and Repair transaction
2014-11-15 09:29:52, Info                  CSI    0000018b [SR] Verify complete
2014-11-15 09:29:52, Info                  CSI    0000018c [SR] Verifying 100 (0x00000064) components
2014-11-15 09:29:52, Info                  CSI    0000018d [SR] Beginning Verify and Repair transaction
2014-11-15 09:29:59, Info                  CSI    0000018f [SR] Verify complete
2014-11-15 09:30:00, Info                  CSI    00000190 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:30:00, Info                  CSI    00000191 [SR] Beginning Verify and Repair transaction
2014-11-15 09:30:06, Info                  CSI    00000193 [SR] Verify complete
2014-11-15 09:30:06, Info                  CSI    00000194 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:30:06, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2014-11-15 09:30:09, Info                  CSI    00000197 [SR] Verify complete
2014-11-15 09:30:10, Info                  CSI    00000198 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:30:10, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2014-11-15 09:30:13, Info                  CSI    0000019b [SR] Verify complete
2014-11-15 09:30:14, Info                  CSI    0000019c [SR] Verifying 100 (0x00000064) components
2014-11-15 09:30:14, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2014-11-15 09:30:18, Info                  CSI    0000019f [SR] Verify complete
2014-11-15 09:30:19, Info                  CSI    000001a0 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:30:19, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2014-11-15 09:30:25, Info                  CSI    000001a3 [SR] Verify complete
2014-11-15 09:30:25, Info                  CSI    000001a4 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:30:25, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
2014-11-15 09:30:31, Info                  CSI    000001a7 [SR] Verify complete
2014-11-15 09:30:31, Info                  CSI    000001a8 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:30:31, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
2014-11-15 09:30:34, Info                  CSI    000001ab [SR] Verify complete
2014-11-15 09:30:35, Info                  CSI    000001ac [SR] Verifying 100 (0x00000064) components
2014-11-15 09:30:35, Info                  CSI    000001ad [SR] Beginning Verify and Repair transaction
2014-11-15 09:30:42, Info                  CSI    000001af [SR] Verify complete
2014-11-15 09:30:42, Info                  CSI    000001b0 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:30:42, Info                  CSI    000001b1 [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:08, Info                  CSI    000001b3 [SR] Verify complete
2014-11-15 09:31:08, Info                  CSI    000001b4 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:31:08, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:17, Info                  CSI    000001b7 [SR] Verify complete
2014-11-15 09:31:17, Info                  CSI    000001b8 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:31:17, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:25, Info                  CSI    000001bb [SR] Verify complete
2014-11-15 09:31:25, Info                  CSI    000001bc [SR] Verifying 100 (0x00000064) components
2014-11-15 09:31:25, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:28, Info                  CSI    000001bf [SR] Verify complete
2014-11-15 09:31:28, Info                  CSI    000001c0 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:31:28, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:32, Info                  CSI    000001c3 [SR] Verify complete
2014-11-15 09:31:33, Info                  CSI    000001c4 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:31:33, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:37, Info                  CSI    000001c7 [SR] Verify complete
2014-11-15 09:31:37, Info                  CSI    000001c8 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:31:37, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:43, Info                  CSI    000001cb [SR] Verify complete
2014-11-15 09:31:43, Info                  CSI    000001cc [SR] Verifying 100 (0x00000064) components
2014-11-15 09:31:43, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:44, Info                  CSI    000001cf [SR] Verify complete
2014-11-15 09:31:44, Info                  CSI    000001d0 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:31:44, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:45, Info                  CSI    000001d3 [SR] Verify complete
2014-11-15 09:31:45, Info                  CSI    000001d4 [SR] Verifying 100 (0x00000064) components
2014-11-15 09:31:45, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:51, Info                  CSI    000001d7 [SR] Verify complete
2014-11-15 09:31:51, Info                  CSI    000001d8 [SR] Verifying 6 components
2014-11-15 09:31:51, Info                  CSI    000001d9 [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:52, Info                  CSI    000001db [SR] Verify complete
2014-11-15 09:31:52, Info                  CSI    000001dc [SR] Repairing 0 components
2014-11-15 09:31:52, Info                  CSI    000001dd [SR] Beginning Verify and Repair transaction
2014-11-15 09:31:52, Info                  CSI    000001df [SR] Repair complete
2014-11-21 17:37:32, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2014-11-21 17:37:32, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-11-21 17:37:38, Info                  CSI    0000000c [SR] Verify complete
2014-11-21 17:37:38, Info                  CSI    0000000d [SR] Verifying 100 (0x00000064) components
2014-11-21 17:37:38, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-11-21 17:37:44, Info                  CSI    00000010 [SR] Verify complete
2014-11-21 17:37:44, Info                  CSI    00000011 [SR] Verifying 100 (0x00000064) components
2014-11-21 17:37:44, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2014-11-21 17:37:51, Info                  CSI    00000014 [SR] Verify complete
2014-11-21 17:37:51, Info                  CSI    00000015 [SR] Verifying 100 (0x00000064) components
2014-11-21 17:37:51, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-11-21 17:37:55, Info                  CSI    00000018 [SR] Verify complete
2014-11-21 17:37:56, Info                  CSI    00000019 [SR] Verifying 100 (0x00000064) components
2014-11-21 17:37:56, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2014-11-21 17:37:59, Info                  CSI    0000001c [SR] Verify complete
2014-11-21 17:38:00, Info                  CSI    0000001d [SR] Verifying 100 (0x00000064) components
2014-11-21 17:38:00, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2014-11-21 17:38:03, Info                  CSI    00000020 [SR] Verify complete
2014-11-21 17:38:04, Info                  CSI    00000021 [SR] Verifying 100 (0x00000064) components
2014-11-21 17:38:04, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2014-11-21 17:38:07, Info                  CSI    00000024 [SR] Verify complete
2014-11-21 17:38:07, Info                  CSI    00000025 [SR] Verifying 100 (0x00000064) components
2014-11-21 17:38:07, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2014-11-21 17:48:52, Info                  CSI    000001d8 [SR] Verifying 6 components
2014-11-21 17:48:52, Info                  CSI    000001d9 [SR] Beginning Verify and Repair transaction
2014-11-21 17:48:52, Info                  CSI    000001db [SR] Verify complete
2014-11-21 17:48:52, Info                  CSI    000001dc [SR] Repairing 0 components
2014-11-21 17:48:52, Info                  CSI    000001dd [SR] Beginning Verify and Repair transaction
2014-11-21 17:48:52, Info                  CSI    000001df [SR] Repair complete

 



#14 OCD


Posted 21 November 2014 - 01:49 PM

Hi soloio,

Would you reduce the size of the text in your replies? It is hard to read at that size.

How often do you have to press the reset button to reboot the computer?

I am unsure what issues are causing FRST to not complete properly. Let's try a different tool.

=========================

Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".
  • Start menu, in the search bar type "cmd"
  • Right-click the cmd icon, select "run as administrator"
    • If you have user account control (UAC) set up it may prompt you to accept that action.
  • Then type in "chkdsk /r" (make note of the space between chkdsk and /)
=========================

To view results log:
  • Open the Start Menu, and type eventvwr.msc in the search box and press enter.
  • If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
  • In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
  • Copy and paste Chkdsk into the line, and click on Find Next.
  • You will now see the system log for the scan results of Check Disk (chkdsk).
  • In the right-hand menu select copy, open notepad and paste the chkdsk results into notepad
  • Post in your next reply.
=========================

OTL
Download OTL and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
=========================

In your next post please provide the following:
  • OTL.txt
  • Extras.txt
  • chkdsk results

OCD

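One way to triage the chkdsk results requested above once they are pasted back, as an added example that is not part of the original post: it parses the report text and flags a read-only run (which cannot be the output of a `chkdsk /r` repair pass), reported bad sectors, and a truncated paste. Both sample reports are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample reports (not taken from the thread), laid out like the
# text a Windows 7 chkdsk run writes to the Application event log.
READ_ONLY_REPORT = """\
Chkdsk was executed in read-only mode on a volume snapshot.

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Windows has checked the file system and found no problems.

   4000000 KB total disk space.
         0 KB in bad sectors.
   1500000 KB available on disk.

      4096 bytes in each allocation unit.
   1000000 total allocation units on disk.
    375000 allocation units available on disk.
"""

REPAIR_REPORT = """\
Checking file system on C:
The type of the file system is NTFS.

Windows has made corrections to the file system.

   4000000 KB total disk space.
        64 KB in bad sectors.
   1500000 KB available on disk.

      4096 bytes in each allocation unit.
   1000000 total allocation units on disk.
    375000 allocation units available on disk.
"""

# Numeric summary lines worth extracting from the report.
_FIELDS = {
    "total_kb": r"(\d+) KB total disk space",
    "bad_sector_kb": r"(\d+) KB in bad sectors",
    "free_kb": r"(\d+) KB available on disk",
    "unit_bytes": r"(\d+) bytes in each allocation unit",
    "total_units": r"(\d+) total allocation units on disk",
}


def parse_chkdsk_report(text):
    """Return the run mode, verdict and summary numbers of a chkdsk report."""
    report = {
        "read_only": re.search(r"read-only mode", text, re.I) is not None,
        "clean": re.search(r"found no problems", text, re.I) is not None,
    }
    for name, pattern in _FIELDS.items():
        match = re.search(pattern, text)
        report[name] = int(match.group(1)) if match else None
    return report


def triage(report):
    """Turn a parsed report into a list of findings for the helper to read."""
    findings = []
    if report["read_only"]:
        # /r implies /f, so a report that says read-only is a different run.
        findings.append("read-only run: no repairs attempted, "
                        "so this is not the result of chkdsk /r")
    if not report["clean"]:
        findings.append("report does not state that no problems were found")
    if report["bad_sector_kb"] is None:
        findings.append("bad-sector line missing: report looks truncated")
    elif report["bad_sector_kb"] > 0:
        findings.append(f"{report['bad_sector_kb']} KB in bad sectors")
    sizes = (report["total_kb"], report["unit_bytes"], report["total_units"])
    if None not in sizes:
        # The KB total should match units * unit size to within one unit.
        expected_kb = report["total_units"] * report["unit_bytes"] // 1024
        tolerance_kb = max(1, report["unit_bytes"] // 1024)
        if abs(expected_kb - report["total_kb"]) > tolerance_kb:
            findings.append("disk size lines are inconsistent: "
                            "paste may be edited or mixed from two runs")
    return findings


if __name__ == "__main__":
    for label, text in (("read-only", READ_ONLY_REPORT),
                        ("repair", REPAIR_REPORT)):
        print(label, triage(parse_chkdsk_report(text)))
```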


#15 soloio


Posted 23 November 2014 - 08:39 PM

Post 1 of 2
 

Your question: How often do you have to press the reset button to reboot the computer?

Only the FRST I do not recall any other or it may have been one more maybe Combofix, at beginning, but not sure

As for reset start only when I ran this program/s

 

I reduced the font size of my reply from 14 to 12 or is it the font of the scan; I do not know how to change the font for the scanning programs

 

I am signed in as Administrator and I ran all programs as Administrator

 

SATURDAY

Cmd scan “ Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/ N) “ Y

 

The system did not re-start by itself, See cmd Message Below.

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>chkdsk /r
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) y

This volume will be checked the next time the system restarts.

C:\Windows\system32>y
‘ y ‘ is not recognized as an internal or external command,
Operable program or batch file.

 

I restart by: pressing start then re-start, it scanned before completely shutting down, it takes hours to complete, then re-start and at startup says: scan pending do you want to scan I press NO, it restarts and asks again to scan,  I cancel scan, after 3 times cancelling I start normal,

 

It may be that the scan is in memory still and I do not know how to cancel it

 

After restart I search for the log “Chkdsk “ as directed, (the option FIND is NOT highlighted) different option in right click  the searches finds no log “ a  notification Box “ Event Viewer “ says: “ Searching from the selected event to end of the list, there is no event that contains the specific string. To search all events, select the first event in the list and run the search again.” I am doing something wrong, Busy weekend I cannot continue

 

MONDAY Scan cmd Window:

 

I scan again, on the right: Event 26212, Chkdsk

Is this the scan result? Event Property “ General Tab”

 

Log Name:      Application
Source:        Chkdsk
Date:          11/15/2014 9:19:58 AM
Event ID:      26212
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Khan
Description:
Chkdsk was executed in read-only mode on a volume snapshot.

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
  357632 file records processed.

File verification completed.
  794 large file records processed.

  0 bad file records processed.

  2 EA records processed.

  74 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
  420240 index entries processed.

Index verification completed.
  0 unindexed files scanned.

  0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
  357632 file SDs/SIDs processed.

Cleaning up 7472 unused index entries from index $SII of file 0x9.
Cleaning up 7472 unused index entries from index $SDH of file 0x9.
Cleaning up 7472 unused security descriptors.
Security descriptor verification completed.
  31305 data files processed.

CHKDSK is verifying Usn Journal...
  195905360 USN bytes processed.

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 176160725 KB total disk space.
 123892372 KB in 248636 files.
    139032 KB in 31306 indexes.
         0 KB in bad sectors.
    774597 KB in use by the system.
     65536 KB occupied by the log file.
  51354724 KB available on disk.

      4096 bytes in each allocation unit.
  44040181 total allocation units on disk.
  12838681 allocation units available on disk.

 

Event Xml:

<Event xmlns="http://schemas.micro.../events/event">
  <System>
    <Provider Name="Chkdsk" />
    <EventID Qualifiers="0">26212</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-11-14T23:19:58.000000000Z" />
    <EventRecordID>1054205</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Khan</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
  357632 file records processed.

File verification completed.
  794 large file records processed.

  0 bad file records processed.

  2 EA records processed.

  74 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
  420240 index entries processed.

Index verification completed.
  0 unindexed files scanned.

  0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
  357632 file SDs/SIDs processed.

Cleaning up 7472 unused index entries from index $SII of file 0x9.
Cleaning up 7472 unused index entries from index $SDH of file 0x9.
Cleaning up 7472 unused security descriptors.
Security descriptor verification completed.
  31305 data files processed.

CHKDSK is verifying Usn Journal...
  195905360 USN bytes processed.

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 176160725 KB total disk space.
 123892372 KB in 248636 files.
    139032 KB in 31306 indexes.
         0 KB in bad sectors.
    774597 KB in use by the system.
     65536 KB occupied by the log file.
  51354724 KB available on disk.

      4096 bytes in each allocation unit.
  44040181 total allocation units on disk.
  12838681 allocation units available on disk.
</Data>
    <Binary>0075050090450400BCB4070000000000096A00004A0000000000000000000000</Binary>
  </EventData>
</Event>

 

Event Property “details Tab”

 

Log Name:      Application

Source:        Chkdsk

Date:          11/15/2014 9:19:58 AM

Event ID:      26212

Task Category: None

Level:         Information

Keywords:      Classic

User:          N/A

Computer:      Khan

Description:

Chkdsk was executed in read-only mode on a volume snapshot. 

 

Checking file system on C:

The type of the file system is NTFS.

 

WARNING!  F parameter not specified.

Running CHKDSK in read-only mode.

 

CHKDSK is verifying files (stage 1 of 3)...

  357632 file records processed.                                        

 

File verification completed.

  794 large file records processed.                                  

 

  0 bad file records processed.                                    

 

  2 EA records processed.                                          

 

  74 reparse records processed.                                     

 

CHKDSK is verifying indexes (stage 2 of 3)...

  420240 index entries processed.                                       

 

Index verification completed.

  0 unindexed files scanned.                                        

 

  0 unindexed files recovered.                                     

 

CHKDSK is verifying security descriptors (stage 3 of 3)...

  357632 file SDs/SIDs processed.                                       

 

Cleaning up 7472 unused index entries from index $SII of file 0x9.

Cleaning up 7472 unused index entries from index $SDH of file 0x9.

Cleaning up 7472 unused security descriptors.

Security descriptor verification completed.

  31305 data files processed.                                           

 

CHKDSK is verifying Usn Journal...

  195905360 USN bytes processed.                                           

 

Usn Journal verification completed.

Windows has checked the file system and found no problems.

 

 176160725 KB total disk space.

 123892372 KB in 248636 files.

    139032 KB in 31306 indexes.

         0 KB in bad sectors.

    774597 KB in use by the system.

     65536 KB occupied by the log file.

  51354724 KB available on disk.

 

      4096 bytes in each allocation unit.

  44040181 total allocation units on disk.

  12838681 allocation units available on disk.

 

 

I apologize for my incompetence

