Post 2 of 2
OTL Extras logfile created on: 11/24/2014 12:20:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.03% Memory free
6.00 Gb Paging File | 4.73 Gb Available in Paging File | 78.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 48.89 Gb Free Space | 29.10% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 42.39 Gb Free Space | 32.59% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 375.55 Gb Free Space | 40.32% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 216.51 Gb Free Space | 46.48% Space Free | Partition Type: NTFS
Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- Reg Error: Key error.
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1299EC-AEA1-4A6A-B1AA-3ADE18FB7027}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0F8B5151-2B2A-4B6C-B285-AD430D4EF5A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{0FCBBB6C-DD9E-4273-9817-E4A9D108CE4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{152E5DA6-7A85-45A2-A181-AE4A73041009}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3698ADEF-1BB3-48E1-A433-8C00DB510D55}" = rport=445 | protocol=6 | dir=out | app=system |
"{6F7BF9E2-74E9-4C54-95D9-CC20082796B3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{93662205-718F-4A4F-93D7-9A625F3AEEB5}" = lport=137 | protocol=17 | dir=in | app=system |
"{9544A200-D9BC-4834-827D-1F2374A51EEC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{99E36F88-1893-413D-96BB-DB42C6CB80B8}" = lport=139 | protocol=6 | dir=in | app=system |
"{A0D84049-71DD-486F-9290-3861D97D7F48}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0F981F0-67E8-4EF1-8729-BA11D02FB7BD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D832CD99-258A-431B-BB9F-07B686999B64}" = rport=139 | protocol=6 | dir=out | app=system |
"{E89C1504-2320-4FEA-9BA3-7141AFA2B3B7}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server |
"{E907FCF9-2CC9-4E2A-86ED-108105CFDF27}" = lport=138 | protocol=17 | dir=in | app=system |
"{F47047A2-1A12-4FF9-A488-40D6CC5E91A8}" = rport=137 | protocol=17 | dir=out | app=system |
"{FC165F65-EA46-4E82-9631-7B480DCEF687}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27425E2A-D9FA-4AD4-AA02-D289714DEA49}" = dir=in | app=c:\program files\synergy\synergys.exe |
"{294A5858-AB48-43E7-B716-F8ED223C9FD0}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{2B950FCC-A284-44FD-A602-8BF968A45DCD}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe |
"{2DF73E76-28EC-40B3-A05A-F11D6CC92B2A}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{52490946-8CE0-4418-9EDF-B0456CD9B79C}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{5895703D-F761-46C9-BEF1-0E785FADCFD7}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{85E85A15-D81F-4A02-B60B-E6AFB61C558E}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{8AD43BFD-8316-42AC-9E3F-023D54B9D455}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{B1111474-B3A9-4022-A4B6-B8986AF39441}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe |
"{B2332F3E-ABA9-4DF3-8DE7-3A2F20A152A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7C3FF51-3927-4683-81D4-AE4A235AEF8C}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{BA6E84F5-7162-4A8A-A1B4-849E239625BB}" = dir=in | app=c:\program files\cyberlink\powerdirector12\pdr10.exe |
"{BC213702-F147-41D4-B269-D38976047E38}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe |
"{E5DC0441-0251-4CA3-9D73-FF6CDC4A51BE}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{F1804D86-D717-4A7A-A8E5-13B26BD7E91C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F693433E-7642-443D-A364-5D35707FACE6}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{67605852-ACBB-4033-A417-8893B70B9D7B}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{7180C88B-DAD7-459E-B12D-3AFBFD00A1C5}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{7C4A1450-1AC0-47E1-A183-1AB4B2A21219}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"TCP Query User{B4086D37-3069-46FE-A8D9-14CA98FC2AF2}C:\program files\nero\nero 12\nero backitup\backitup.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 12\nero backitup\backitup.exe |
"UDP Query User{02D5F25D-7537-468F-B682-F2945B78D916}C:\program files\nero\nero 12\nero backitup\backitup.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 12\nero backitup\backitup.exe |
"UDP Query User{353CBAD1-1D68-434C-991B-35EFE4C37830}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{DBDCEA3D-3DC2-489D-84C5-E96AF9774F25}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{F10BEF7A-5B7C-4FC5-8AE5-7F3A1CE40DED}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{26D6D2A4-F08A-4212-86E7-7F1F75033610}" = WordPerfect Office X6
"_{6688A246-F6E8-48AD-9806-8D5832E9F15D}" = Corel VideoStudio Ultimate X6
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{069793F3-E123-47B9-88DB-5DE76FF32ADB}" = WordPerfect Office X6 - Quattro Pro Files
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0C41D003-E38E-4C8A-BA67-AFF061E27F3F}" = Microsoft Mouse and Keyboard Center
"{0F7A0D0F-6576-489E-B20B-B7C8F95BBCC3}" = WordPerfect Office X6 - WT
"{10FFE1D7-6A72-4483-9856-1A2FBBC5A425}" = WordPerfect Office X6 - Quattro Pro Files English
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{230100D9-27B4-49A3-A30F-D44B51EF56AA}" = WordPerfect Office X6 - IPM
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.6
"{26D6D2A4-F08A-4212-86E7-7F1F75033610}" = WordPerfect Office X6 - Setup Files
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{2AAD066E-698F-48A1-A7D0-0B5701DCAF2C}" = O&O DiskImage Professional
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{315FE707-7A15-4B1B-8C5A-955428AAA01D}" = WordPerfect Office X6 - Common Files
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{440F51A9-8CA3-41D7-AFD5-F47820895949}" = WordPerfect Office X6 - Lightning Files
"{48C4B49D-F876-4969-BF74-319EF3601A35}" = Synergy (32-bit)
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6688A246-F6E8-48AD-9806-8D5832E9F15D}" = ICA
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6C11089A-E23F-4E9B-B12C-316BF1A4376B}" = Pdfedit
"{6C6EEA9F-3998-4E0D-B91F-43CB218C715C}" = Setup
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DCA86D6-F197-41B7-BD33-43E32A15A41E}" = ESET NOD32 Antivirus
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7DD1E51E-645D-11E2-A794-F04DA23A5C58}" = MSVCRT Redists
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{8270ABE3-53A5-4046-BF84-EB5FBB0F5B10}" = WordPerfect Office X6 - System Files
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{86ACFB25-0FA5-4A01-96B5-EE8F229D456E}" = WordPerfect Office X6 - Presentations Files English
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8959569B-D9BA-43A9-972A-D509EE7D4BA9}" = WordPerfect Office X6 - Oxford
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0015-0410-0000-0000000FF1CE}" = Microsoft Access MUI (Italian) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0016-0410-0000-0000000FF1CE}" = Microsoft Excel MUI (Italian) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0018-0410-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (Italian) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-0019-0410-0000-0000000FF1CE}" = Microsoft Publisher MUI (Italian) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001A-0410-0000-0000000FF1CE}" = Microsoft Outlook MUI (Italian) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001B-0410-0000-0000000FF1CE}" = Microsoft Word MUI (Italian) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-0044-0410-0000-0000000FF1CE}" = Microsoft InfoPath MUI (Italian) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2013
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-0090-0410-0000-0000000FF1CE}" = Microsoft DCF MUI (Italian) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00A1-0410-0000-0000000FF1CE}" = Microsoft OneNote MUI (Italian) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00BA-0410-0000-0000000FF1CE}" = Microsoft Groove MUI (Italian) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E1-0410-0000-0000000FF1CE}" = Microsoft Office OSM MUI (Italian) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-00E2-0410-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Italian) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{90150000-012B-0410-0000-0000000FF1CE}" = Microsoft Lync MUI (Italian) 2013
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{942DF6BD-E4F2-4915-B4FB-09C02B71284F}" = VT-Paul-M16-SAPI5
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9599AA83-D20B-45E1-819A-5EFD6AFED2BE}" = OlympusCodecs
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1" = Classic Menu for Office Enterprise 2010 and 2013 v5.85
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FAD67A7-3A4E-4754-AAC4-0397F370611D}" = VT-Kate-M16-SAPI5
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{AD7DA145-3118-4D69-BE89-D3ED1510BD15}" = Share
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2924E73-F1A6-47D6-8630-7CC210197B07}" = WordPerfect Office X6
"{C4367E67-52FE-45C6-889C-F48CE7883CA8}" = VT-Bridget-M16-SAPI5
"{C496F7CD-ED09-4D8D-872E-3470D4717714}" = VT-Julie-M16-SAPI5
"{C4D92146-95DE-415A-99CC-51FBFF7C10CF}" = WordPerfect Office X6 - Lightning Files English
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CCADD122-70A5-47A6-8722-1BD5267B85F5}" = WordPerfect Office X6 - WordPerfect Files
"{CCC10E8E-7FD1-4D55-87C2-D0A5ABC0A62B}" = IPM_VS_Pro
"{CD29C36F-2C6D-4ED3-BC21-B20C8038E9A5}" = WordPerfect Office X6 - WordPerfect Files English
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{CDD9088F-A371-4C16-B24E-DC74C61C3EE1}" = VSUltimate
"{D0096E50-D99E-4178-A988-E5192B6F6B91}" = VSClassic
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D27CDB6E-AE6D-11cf-96B8-444553540000}_is1" = The FTW Transcriber version 3.1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D529E699-7753-46E7-8B73-C5556EF5B486}" = Nero 12
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-790CW
"{D9DD0D4F-6E5A-484D-AD8C-FD3BAF5D4450}" = VSHelp
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1646825-D391-42A0-93AA-27FA810DA093}" = CyberLink PowerDirector 12
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E1AF3785-AA77-471E-ABC5-4C2B459B877A}" = WordPerfect Office X6 - Common Files English
"{EAA5C699-6DB5-4508-BD64-B79EB9409C9D}" = WordPerfect Office X6 - Presentations Files
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE0B1766-153A-4251-A192-F8FD3D941711}" = Contents
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"AnyDVD" = AnyDVD
"AU10_is1" = Advanced Uninstaller PRO - Version 10
"AviSynth" = AviSynth 2.5
"AZARDI_is1" = AZARDI
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 6.0
"Balabolka" = Balabolka
"CCleaner" = CCleaner
"DVD Shrink_is1" = DVD Shrink 3.2
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader_is1" = Foxit Reader
"Free Sound Recorder_is1" = Free Sound Recorder v9.7.5
"GIMP-2_is1" = GIMP 2.8.14
"HashCalc_is1" = HashCalc 2.02
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HashTab" = HashTab 5.1.0.23
"ImgBurn" = ImgBurn
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}" = CyberLink PowerDirector 12
"LHTTSITI" = L&H TTS3000 Italiano
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Mozilla Firefox 33.1 (x86 en-US)" = Mozilla Firefox 33.1 (x86 en-US)
"NewBlue Video Essentials for Cyberlink" = NewBlue Video Essentials for PowerDirector
"NewBlue Video Essentials II for Cyberlink" = NewBlue Video Essentials II for PowerDirector
"NewBlue Video Essentials III for Cyberlink" = NewBlue Video Essentials III for PowerDirector
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"Sandboxie" = Sandboxie 4.08 (32-bit)
"Software Remove Master_is1" = Software Remove Master v5.0.1.3
"Soulseek2" = SoulSeek 157 NS 13e
"Speccy" = Speccy
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TNod" = TNod User & Password Finder
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Universal Document Converter_is1" = Universal Document Converter Server Edition
"UP286_is1" = Ultimate Paint 2.88 Freeware Edition
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.6
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/17/2014 1:06:05 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/17/2014 9:29:37 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/17/2014 10:41:05 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/18/2014 5:01:25 AM | Computer Name = Khan | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17344 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b4ec Start
Time: 01d0030a956f120d Termination Time: 134 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:
Error - 11/18/2014 7:07:11 PM | Computer Name = Khan | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17344 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 14fe8 Start
Time: 01d003802222269f Termination Time: 109 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:
Error - 11/19/2014 9:34:26 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/20/2014 8:19:32 AM | Computer Name = Khan | Source = Application Error | ID = 1000
Description = Faulting application name: mbamgui.exe, version: 1.61.0.0, time stamp:
0x4f6b8ae8 Faulting module name: mbamgui.exe, version: 1.61.0.0, time stamp: 0x4f6b8ae8
Exception
code: 0x40000015 Fault offset: 0x00014965 Faulting process id: 0xa24 Faulting application
start time: 0x01d004bc393b0115 Faulting application path: C:\Program Files\Malwarebytes'
Anti-Malware\mbamgui.exe Faulting module path: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Report
Id: 7adc3818-70af-11e4-b6ac-001a4d5634f4
Error - 11/20/2014 11:30:27 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/21/2014 11:55:45 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/22/2014 11:13:46 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ OSession Events ]
Error - 2/1/2012 8:09:29 PM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
Error - 6/6/2012 8:13:04 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
Error - 7/14/2012 2:56:05 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
Error - 7/29/2012 9:03:44 PM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
Error - 11/5/2012 5:02:20 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
Error - 11/7/2012 3:42:45 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
Error - 5/23/2013 3:51:14 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
Error - 7/29/2013 2:20:52 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
Error - 8/28/2013 11:42:27 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
[ System Events ]
Error - 11/21/2014 1:30:16 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.
Error - 11/21/2014 1:30:17 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 11/21/2014 2:16:43 AM | Computer Name = Khan | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:13:40 PM on 11/21/2014 was unexpected.
Error - 11/21/2014 2:17:01 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The WebcamMax, WDM Video Capture service failed to start due to the
following error: %%1058
Error - 11/21/2014 2:17:26 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
hcov
Error - 11/21/2014 7:47:25 PM | Computer Name = Khan | Source = DCOM | ID = 10010
Description =
Error - 11/21/2014 9:25:17 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The WebcamMax, WDM Video Capture service failed to start due to the
following error: %%1058
Error - 11/21/2014 9:25:34 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
hcov
Error - 11/23/2014 8:26:32 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The WebcamMax, WDM Video Capture service failed to start due to the
following error: %%1058
Error - 11/23/2014 8:27:24 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
hcov
< End of report >
OTL logfile created on: 11/24/2014 12:20:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.03% Memory free
6.00 Gb Paging File | 4.73 Gb Available in Paging File | 78.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 48.89 Gb Free Space | 29.10% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 42.39 Gb Free Space | 32.59% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 375.55 Gb Free Space | 40.32% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 216.51 Gb Free Space | 46.48% Space Free | Partition Type: NTFS
Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office\Office15\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synergy\synergyd.exe ()
PRC - C:\Program Files\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software)
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\OO Software\DiskImage\oodiag.exe (O&O Software GmbH)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\vdsldr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Microsoft Office\Office15\IEAWSDC.DLL ()
MOD - C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files\Classic Menu for Office\ArmAccess.dll ()
========== Services (SafeList) ==========
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (Synergy) -- C:\Program Files\Synergy\synergyd.exe ()
SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (DisplayFusionService) -- C:\Program Files\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Olympus DVR Service) -- C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe (OLYMPUS IMAGING CORP.)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (OO DiskImage) -- C:\Program Files\OO Software\DiskImage\oodiag.exe (O&O Software GmbH)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (hcov) -- System32\drivers\werlmk.sys File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (oem-drv86) -- C:\Windows\System32\drivers\oem-drv86.sys (secr9tos)
DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)
DRV - (pimou) -- C:\Windows\System32\drivers\pimou.sys (Christian Gulden)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (vidsflt53) -- C:\Windows\System32\drivers\vsflt53.sys (Acronis)
DRV - (oodivd) -- C:\Windows\System32\drivers\oodivd.sys (O&O Software GmbH)
DRV - (oodivdh) -- C:\Windows\System32\drivers\oodivdh.sys (O&O Software GmbH)
DRV - (oodisr) -- C:\Windows\System32\drivers\oodisr.sys (O&O Software GmbH)
DRV - (oodisrh) -- C:\Windows\System32\drivers\oodisrh.sys (O&O Software GmbH)
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (WCMVCAM) -- C:\Windows\System32\drivers\wcmvcam.sys (Windows ® Win 7 DDK provider)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NetworkX) -- C:\Windows\System32\Ckldrv.sys ()
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 83 7E D4 43 E9 CF 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{752BC5B5-BEAC-4571-A521-42059DEEE0A5}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 21:54:16 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/11/11 08:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014/01/25 22:36:10 | 000,000,000 | ---D | M]
[2013/09/07 16:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2014/11/06 23:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\960azfpj.default-1415280631391\extensions
[2014/10/16 16:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hizwc2ve.default\extensions
[2013/11/02 21:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\SeaMonkey\Profiles\aoioq0mu.default\extensions
[2013/11/02 21:07:22 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Administrator\AppData\Roaming\Mozilla\SeaMonkey\Profiles\aoioq0mu.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2014/11/11 08:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/11/11 08:27:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/27 11:41:40 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
O1 HOSTS File: ([2014/11/20 23:28:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe File not found
O4 - HKCU..\Run: [~rmvtxrr] C:\Users\Administrator\Downloads\fg742p.exe (Dynamic Internet Technology, Inc.)
O4 - HKCU..\Run: [Lync] C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA463021-803B-4E77-A471-1A2BA3172F5D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/12 12:04:17 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/11/24 11:55:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/11/21 00:18:58 | 001,108,992 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2014/11/20 23:28:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/11/20 22:25:30 | 005,598,306 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2014/11/20 08:27:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/11/19 10:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/11/19 10:07:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\mbar
[2014/11/16 16:44:59 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/15 02:39:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/11/15 00:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/11/15 00:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2014/11/14 19:04:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/12 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\2006 FIFA World Cup™
[2014/11/12 14:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/11/12 12:48:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Oracle
[2014/11/11 17:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Olympus Shared
[2014/11/11 17:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The FTW Transcriber
[2014/11/11 17:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\The FTW Transcriber
[2014/11/11 12:07:05 | 000,079,576 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/11 09:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2014/11/11 09:30:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVS4YOU
[2014/11/11 09:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2014/11/11 09:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2014/11/11 08:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/11/03 23:36:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Balabolka
[2014/11/03 23:36:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
[2014/11/03 23:36:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Balabolka
[2014/11/03 23:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Balabolka
[2014/11/02 16:09:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\CyberLink
[2014/11/02 15:57:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
[2014/11/02 15:31:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
[2014/11/02 15:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2014/11/02 15:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2014/10/31 18:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2014/10/31 18:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2014/10/28 11:30:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Nuance
[2014/10/25 19:43:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\USB PEN
[2013/09/17 22:22:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Administrator\AppData\Roaming\pcouffin.sys
[15 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/11/24 11:55:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/11/24 10:32:12 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/24 10:32:12 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/24 10:30:50 | 000,652,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/24 10:30:50 | 000,118,680 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/24 10:26:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/24 10:26:20 | 2414,727,168 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/24 10:26:05 | 000,028,160 | ---- | M] (secr9tos) -- C:\Windows\System32\drivers\oem-drv86.sys
[2014/11/24 10:21:58 | 000,003,528 | ---- | M] () -- C:\bootsqm.dat
[2014/11/21 10:02:49 | 000,001,007 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2014/11/21 00:19:04 | 001,108,992 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2014/11/20 23:28:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/11/20 22:25:52 | 005,598,306 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2014/11/19 17:38:55 | 000,007,613 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2014/11/19 10:10:02 | 000,079,576 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/19 09:33:18 | 000,854,414 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2014/11/18 01:45:17 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/11/18 01:45:17 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/11/15 10:49:39 | 003,943,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/15 02:39:55 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-KHAN-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2014/11/14 22:35:34 | 000,048,433 | ---- | M] () -- C:\Users\Administrator\Desktop\NEW firs Half.rtf
[2014/11/13 14:50:04 | 000,001,149 | ---- | M] () -- C:\Windows\~soundrecorder.dat
[2014/11/12 23:17:18 | 000,002,952 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014/11/11 18:36:30 | 000,003,079 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\SAS7_000.DAT
[2014/11/11 17:37:23 | 000,000,288 | ---- | M] () -- C:\Windows\Support.ini
[2014/11/09 10:38:57 | 012,845,056 | ---- | M] () -- C:\Users\Administrator\ntuser.bak
[2014/11/03 23:36:13 | 000,000,951 | ---- | M] () -- C:\Users\Administrator\Desktop\Balabolka.lnk
[2014/11/02 16:02:07 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_654
[2014/11/02 15:57:55 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
[2014/11/02 15:31:34 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
[2014/11/02 15:21:24 | 000,064,218 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20141102_142119.reg
[2014/10/31 17:46:17 | 000,039,542 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20141031_164610.reg
[2014/10/29 22:02:57 | 000,000,841 | ---- | M] () -- C:\Users\Administrator\AppData\Local\recently-used.xbel
[2014/10/25 15:40:45 | 000,011,896 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20141025_154032.reg
[15 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/11/24 10:21:58 | 000,003,528 | ---- | C] () -- C:\bootsqm.dat
[2014/11/19 09:33:10 | 000,854,414 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2014/11/15 11:03:29 | 000,001,102 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/11/15 02:39:55 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-KHAN-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2014/11/14 16:51:04 | 000,048,433 | ---- | C] () -- C:\Users\Administrator\Desktop\NEW firs Half.rtf
[2014/11/11 17:37:23 | 000,000,288 | ---- | C] () -- C:\Windows\Support.ini
[2014/11/11 11:00:01 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk
[2014/11/10 10:01:58 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate.lnk
[2014/11/04 11:58:51 | 000,001,149 | ---- | C] () -- C:\Windows\~soundrecorder.dat
[2014/11/03 23:36:13 | 000,000,951 | ---- | C] () -- C:\Users\Administrator\Desktop\Balabolka.lnk
[2014/11/02 15:57:55 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
[2014/11/02 15:31:34 | 000,002,201 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
[2014/11/02 15:21:21 | 000,064,218 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20141102_142119.reg
[2014/10/31 17:46:13 | 000,039,542 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20141031_164610.reg
[2014/10/29 22:02:57 | 000,000,841 | ---- | C] () -- C:\Users\Administrator\AppData\Local\recently-used.xbel
[2014/10/25 15:40:34 | 000,011,896 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20141025_154032.reg
[2014/10/16 23:10:51 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2014/10/16 18:42:28 | 000,034,808 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/10/14 14:04:23 | 000,098,928 | ---- | C] () -- C:\Windows\System32\drivers\vmci.sys.dump
[2014/10/14 14:04:23 | 000,063,920 | ---- | C] () -- C:\Windows\System32\drivers\vmx_svga.sys.dump
[2014/10/07 14:29:08 | 181,974,298 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ACCCx2_8_0_447.zip.aamdownload
[2014/10/07 14:29:08 | 000,002,174 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ACCCx2_8_0_447.zip.aamdownload.aamd
[2014/10/04 18:13:43 | 000,004,142 | ---- | C] () -- C:\ProgramData\uxxadbmu.rlu
[2014/05/02 12:37:56 | 000,063,920 | ---- | C] () -- C:\Windows\System32\drivers\vmx_svga.sys
[2014/05/02 12:37:48 | 000,098,928 | ---- | C] () -- C:\Windows\System32\drivers\vmci.sys
[2014/05/02 12:16:12 | 000,079,176 | ---- | C] () -- C:\Windows\System32\TPVMMonUI.dll
[2014/04/09 15:12:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/04/09 15:12:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/04/09 15:12:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/04/09 15:12:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/04/09 15:12:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/24 22:45:07 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2014/03/18 20:46:19 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/03/18 08:45:08 | 000,000,029 | ---- | C] () -- C:\Users\Administrator\.gtk-bookmarks
[2014/01/11 00:56:12 | 000,002,952 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/12/02 16:05:27 | 000,004,096 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\keyfile3.drm
[2013/11/25 12:02:59 | 000,009,136 | ---- | C] () -- C:\Windows\System32\Inetwh16.dll
[2013/11/25 12:02:59 | 000,004,528 | ---- | C] () -- C:\Windows\System32\Setbrows.exe
[2013/11/25 11:52:13 | 000,000,061 | ---- | C] () -- C:\Windows\USRWIZ.INI
[2013/11/25 11:46:13 | 000,022,792 | ---- | C] () -- C:\Windows\System32\StnLang.ini
[2013/11/17 17:07:40 | 144,752,885 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ACCCx2_2_1_260.zip.aamdownload
[2013/11/17 17:07:40 | 000,001,817 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd
[2013/11/04 23:00:42 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/11/03 17:00:42 | 000,007,613 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013/11/02 21:22:57 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2013/11/02 20:37:42 | 012,845,056 | ---- | C] () -- C:\Users\Administrator\ntuser.bak
[2013/10/16 10:29:32 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/10/15 23:24:23 | 000,000,137 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/10/15 23:23:51 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2013/10/15 23:23:51 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2013/10/15 23:23:51 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2013/10/15 23:23:51 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/09/25 09:41:51 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/09/17 22:22:35 | 000,007,887 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.cat
[2013/09/17 22:22:35 | 000,001,144 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.inf
[2013/09/11 20:43:57 | 000,000,583 | ---- | C] () -- C:\Windows\SMSI.INI
[2013/08/27 22:24:53 | 000,003,079 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\SAS7_000.DAT
[2013/08/23 09:27:29 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/08/05 22:54:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
[2013/07/22 14:30:08 | 000,000,112 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\JP2K CS6 Prefs
[2013/07/16 00:48:17 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/16 00:48:17 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/16 00:48:17 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/08 17:18:34 | 000,109,696 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2013/07/08 17:18:34 | 000,091,264 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2013/06/20 15:38:34 | 000,000,560 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/06/08 16:46:48 | 000,000,288 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\.backup.dm
[2013/05/22 11:43:31 | 000,000,060 | R--- | C] () -- C:\Program Files\BRINST.INI
[2013/04/27 14:18:18 | 000,000,124 | ---- | C] () -- C:\Windows\spwdrp.INI
[2013/04/04 11:09:55 | 000,000,164 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PLGComp.ini
[2013/03/13 13:09:56 | 005,141,508 | ---- | C] () -- C:\Users\Administrator\Desktop.zip
[2013/02/21 17:01:42 | 000,011,089 | ---- | C] () -- C:\Program Files\satsukidecoderdetect.ini
[2013/02/21 17:01:41 | 000,004,095 | ---- | C] () -- C:\Program Files\satsukidecodersettings.ini
[2013/02/15 19:43:09 | 000,002,212 | ---- | C] () -- C:\Windows\System32\EpfwTemp.dat
[2013/02/15 19:43:03 | 000,002,212 | ---- | C] () -- C:\Windows\System32\EpfwUser.dat
[2013/01/16 11:26:11 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2013/01/16 11:25:47 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2013/01/16 11:25:24 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012/01/06 01:53:12 | 145,727,915 | ---- | C] () -- C:\Users\Administrator\Sky Angel Vol.72 Internal Cum Shot - AYA-02.mp4
[2004/05/13 12:26:48 | 000,084,784 | ---- | C] () -- C:\Program Files\fciv.exe
========== ZeroAccess Check ==========
[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 11:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 07:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/11/02 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2013/11/02 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acronis
[2013/11/02 21:06:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnvSoft
[2014/10/18 13:37:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2014/11/03 23:36:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Balabolka
[2013/05/27 09:30:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CheckPoint
[2014/08/27 16:31:39 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Roaming\Common
[2014/10/21 16:43:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Cool Record Edit Pro
[2014/10/07 13:48:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CrystalIdea Software
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Digiarty
[2014/10/18 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DisplayFusion
[2014/07/17 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EncryptStick
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2014/09/09 09:37:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EurekaLog
[2014/07/25 11:23:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit Software
[2014/09/23 09:52:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Free Sound Recorder
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garmin
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Geek Uninstaller
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ImgBurn
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Infogrid Pacific Pte. Ltd
[2013/11/02 21:07:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2014/10/16 16:29:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2013/09/06 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2014/01/25 08:32:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\iSkysoft
[2013/10/10 23:35:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Jasc
[2013/11/02 21:07:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2014/10/04 18:13:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Movavi
[2014/01/27 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MPC-HC
[2013/11/02 21:07:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NCH Swift Sound
[2013/11/02 21:07:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2014/10/28 11:11:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nuance
[2014/11/12 12:48:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oracle
[2013/11/02 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2013/11/10 16:01:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC-FAX TX
[2013/11/02 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
[2013/11/02 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PowerISO
[2014/11/20 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ProductData
[2013/11/07 11:29:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\QuickScan
[2014/01/08 00:16:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\R-TT
[2014/05/22 16:01:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Recordpad
[2013/11/02 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Regensoft
[2014/10/17 10:56:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScanSoft
[2013/11/02 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Seagate
[2013/11/07 17:21:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SoftGrid Client
[2013/11/02 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony
[2013/11/02 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\spotmau
[2014/09/24 13:37:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2013/11/02 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2014/08/20 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TP
[2014/10/28 11:53:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tracker Software
[2013/12/27 10:43:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2013/11/02 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\UDC Profiles
[2013/11/02 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ulead Systems
[2013/11/02 21:07:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\URSoft
[2014/11/20 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2013/09/19 18:29:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
[2013/11/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Win7codecs
[2013/11/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xilisoft
[2013/11/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\XnView
[2013/11/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\YCanPDF
[2013/11/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Youtube Downloader HD
[2013/11/02 21:07:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\{4916c8ce-b9e7-4e25-9a23-25493e41e04c}
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/21 07:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: SERVICES.EXE >
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/21 07:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/21 07:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2014/07/16 12:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014/07/17 11:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\ERDNT\cache\winlogon.exe
[2014/07/17 11:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014/07/17 11:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010/11/21 07:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014/03/04 19:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014/03/04 20:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
< %systemroot%\*. /rp /s >
< %systemdrive%\$Recycle.Bin|@;true;true;true >
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
========== Base Services ==========
SRV - [2009/07/14 11:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 14:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 11:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/21 07:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/21 07:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2014/04/12 12:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/05 07:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2014/07/07 11:40:07 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/21 07:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/21 07:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 15:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 11:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 11:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 11:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/21 07:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 11:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 11:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 11:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 11:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/04 02:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 11:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 20:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 15:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2014/04/12 12:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 11:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/21 07:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/21 07:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 11:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2014/04/12 12:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 11:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/21 07:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/21 07:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/21 07:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/21 07:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 11:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 14:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/21 07:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2014/07/07 11:40:04 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2014/07/07 11:40:04 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/21 07:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 14:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/21 07:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/21 07:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/21 07:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/21 07:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 11:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2014/05/15 02:23:32 | 001,973,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/21 07:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 11:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/21 07:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3320613AS ATA Device
Partitions: 2
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500418AS ATA Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD10EARS-00MVWB0 ATA Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Brother MFC-790CW USB Device
Partitions: 0
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 130.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 168.00GB
Starting Offset: 139681704960
Hidden sectors: 0
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 1048576
Hidden sectors: 0
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
========== Alternate Data Streams ==========
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:A5C00DEE
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >