WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Is It a Backdoor.Win32 [Solved]

Started by soloio , Nov 16 2014 01:34 AM

Am I infected with a virus?

This topic is locked

42 replies to this topic

#16 soloio

Authentic Member

Authentic Member
22 posts

Posted 23 November 2014 - 08:43 PM

Post 2 of 2

OTL Extras logfile created on: 11/24/2014 12:20:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.03% Memory free
6.00 Gb Paging File | 4.73 Gb Available in Paging File | 78.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 48.89 Gb Free Space | 29.10% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 42.39 Gb Free Space | 32.59% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 375.55 Gb Free Space | 40.32% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 216.51 Gb Free Space | 46.48% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- Reg Error: Key error.
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1299EC-AEA1-4A6A-B1AA-3ADE18FB7027}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0F8B5151-2B2A-4B6C-B285-AD430D4EF5A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{0FCBBB6C-DD9E-4273-9817-E4A9D108CE4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{152E5DA6-7A85-45A2-A181-AE4A73041009}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3698ADEF-1BB3-48E1-A433-8C00DB510D55}" = rport=445 | protocol=6 | dir=out | app=system |
"{6F7BF9E2-74E9-4C54-95D9-CC20082796B3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{93662205-718F-4A4F-93D7-9A625F3AEEB5}" = lport=137 | protocol=17 | dir=in | app=system |
"{9544A200-D9BC-4834-827D-1F2374A51EEC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{99E36F88-1893-413D-96BB-DB42C6CB80B8}" = lport=139 | protocol=6 | dir=in | app=system |
"{A0D84049-71DD-486F-9290-3861D97D7F48}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0F981F0-67E8-4EF1-8729-BA11D02FB7BD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D832CD99-258A-431B-BB9F-07B686999B64}" = rport=139 | protocol=6 | dir=out | app=system |
"{E89C1504-2320-4FEA-9BA3-7141AFA2B3B7}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server |
"{E907FCF9-2CC9-4E2A-86ED-108105CFDF27}" = lport=138 | protocol=17 | dir=in | app=system |
"{F47047A2-1A12-4FF9-A488-40D6CC5E91A8}" = rport=137 | protocol=17 | dir=out | app=system |
"{FC165F65-EA46-4E82-9631-7B480DCEF687}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27425E2A-D9FA-4AD4-AA02-D289714DEA49}" = dir=in | app=c:\program files\synergy\synergys.exe |
"{294A5858-AB48-43E7-B716-F8ED223C9FD0}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{2B950FCC-A284-44FD-A602-8BF968A45DCD}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe |
"{2DF73E76-28EC-40B3-A05A-F11D6CC92B2A}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{52490946-8CE0-4418-9EDF-B0456CD9B79C}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{5895703D-F761-46C9-BEF1-0E785FADCFD7}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{85E85A15-D81F-4A02-B60B-E6AFB61C558E}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{8AD43BFD-8316-42AC-9E3F-023D54B9D455}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{B1111474-B3A9-4022-A4B6-B8986AF39441}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe |
"{B2332F3E-ABA9-4DF3-8DE7-3A2F20A152A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7C3FF51-3927-4683-81D4-AE4A235AEF8C}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{BA6E84F5-7162-4A8A-A1B4-849E239625BB}" = dir=in | app=c:\program files\cyberlink\powerdirector12\pdr10.exe |
"{BC213702-F147-41D4-B269-D38976047E38}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe |
"{E5DC0441-0251-4CA3-9D73-FF6CDC4A51BE}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{F1804D86-D717-4A7A-A8E5-13B26BD7E91C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F693433E-7642-443D-A364-5D35707FACE6}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{67605852-ACBB-4033-A417-8893B70B9D7B}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{7180C88B-DAD7-459E-B12D-3AFBFD00A1C5}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{7C4A1450-1AC0-47E1-A183-1AB4B2A21219}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"TCP Query User{B4086D37-3069-46FE-A8D9-14CA98FC2AF2}C:\program files\nero\nero 12\nero backitup\backitup.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 12\nero backitup\backitup.exe |
"UDP Query User{02D5F25D-7537-468F-B682-F2945B78D916}C:\program files\nero\nero 12\nero backitup\backitup.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 12\nero backitup\backitup.exe |
"UDP Query User{353CBAD1-1D68-434C-991B-35EFE4C37830}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{DBDCEA3D-3DC2-489D-84C5-E96AF9774F25}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{F10BEF7A-5B7C-4FC5-8AE5-7F3A1CE40DED}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{26D6D2A4-F08A-4212-86E7-7F1F75033610}" = WordPerfect Office X6
"_{6688A246-F6E8-48AD-9806-8D5832E9F15D}" = Corel VideoStudio Ultimate X6
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{069793F3-E123-47B9-88DB-5DE76FF32ADB}" = WordPerfect Office X6 - Quattro Pro Files
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0C41D003-E38E-4C8A-BA67-AFF061E27F3F}" = Microsoft Mouse and Keyboard Center
"{0F7A0D0F-6576-489E-B20B-B7C8F95BBCC3}" = WordPerfect Office X6 - WT
"{10FFE1D7-6A72-4483-9856-1A2FBBC5A425}" = WordPerfect Office X6 - Quattro Pro Files English
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{230100D9-27B4-49A3-A30F-D44B51EF56AA}" = WordPerfect Office X6 - IPM
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.6
"{26D6D2A4-F08A-4212-86E7-7F1F75033610}" = WordPerfect Office X6 - Setup Files
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{2AAD066E-698F-48A1-A7D0-0B5701DCAF2C}" = O&O DiskImage Professional
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{315FE707-7A15-4B1B-8C5A-955428AAA01D}" = WordPerfect Office X6 - Common Files
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{440F51A9-8CA3-41D7-AFD5-F47820895949}" = WordPerfect Office X6 - Lightning Files
"{48C4B49D-F876-4969-BF74-319EF3601A35}" = Synergy (32-bit)
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6688A246-F6E8-48AD-9806-8D5832E9F15D}" = ICA
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6C11089A-E23F-4E9B-B12C-316BF1A4376B}" = Pdfedit
"{6C6EEA9F-3998-4E0D-B91F-43CB218C715C}" = Setup
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DCA86D6-F197-41B7-BD33-43E32A15A41E}" = ESET NOD32 Antivirus
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7DD1E51E-645D-11E2-A794-F04DA23A5C58}" = MSVCRT Redists
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{8270ABE3-53A5-4046-BF84-EB5FBB0F5B10}" = WordPerfect Office X6 - System Files
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{86ACFB25-0FA5-4A01-96B5-EE8F229D456E}" = WordPerfect Office X6 - Presentations Files English
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8959569B-D9BA-43A9-972A-D509EE7D4BA9}" = WordPerfect Office X6 - Oxford
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0015-0410-0000-0000000FF1CE}" = Microsoft Access MUI (Italian) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0016-0410-0000-0000000FF1CE}" = Microsoft Excel MUI (Italian) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0018-0410-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (Italian) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-0019-0410-0000-0000000FF1CE}" = Microsoft Publisher MUI (Italian) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001A-0410-0000-0000000FF1CE}" = Microsoft Outlook MUI (Italian) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001B-0410-0000-0000000FF1CE}" = Microsoft Word MUI (Italian) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-0044-0410-0000-0000000FF1CE}" = Microsoft InfoPath MUI (Italian) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2013
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-0090-0410-0000-0000000FF1CE}" = Microsoft DCF MUI (Italian) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00A1-0410-0000-0000000FF1CE}" = Microsoft OneNote MUI (Italian) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00BA-0410-0000-0000000FF1CE}" = Microsoft Groove MUI (Italian) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E1-0410-0000-0000000FF1CE}" = Microsoft Office OSM MUI (Italian) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-00E2-0410-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Italian) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{90150000-012B-0410-0000-0000000FF1CE}" = Microsoft Lync MUI (Italian) 2013
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{942DF6BD-E4F2-4915-B4FB-09C02B71284F}" = VT-Paul-M16-SAPI5
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9599AA83-D20B-45E1-819A-5EFD6AFED2BE}" = OlympusCodecs
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1" = Classic Menu for Office Enterprise 2010 and 2013 v5.85
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FAD67A7-3A4E-4754-AAC4-0397F370611D}" = VT-Kate-M16-SAPI5
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{AD7DA145-3118-4D69-BE89-D3ED1510BD15}" = Share
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2924E73-F1A6-47D6-8630-7CC210197B07}" = WordPerfect Office X6
"{C4367E67-52FE-45C6-889C-F48CE7883CA8}" = VT-Bridget-M16-SAPI5
"{C496F7CD-ED09-4D8D-872E-3470D4717714}" = VT-Julie-M16-SAPI5
"{C4D92146-95DE-415A-99CC-51FBFF7C10CF}" = WordPerfect Office X6 - Lightning Files English
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CCADD122-70A5-47A6-8722-1BD5267B85F5}" = WordPerfect Office X6 - WordPerfect Files
"{CCC10E8E-7FD1-4D55-87C2-D0A5ABC0A62B}" = IPM_VS_Pro
"{CD29C36F-2C6D-4ED3-BC21-B20C8038E9A5}" = WordPerfect Office X6 - WordPerfect Files English
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{CDD9088F-A371-4C16-B24E-DC74C61C3EE1}" = VSUltimate
"{D0096E50-D99E-4178-A988-E5192B6F6B91}" = VSClassic
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D27CDB6E-AE6D-11cf-96B8-444553540000}_is1" = The FTW Transcriber version 3.1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D529E699-7753-46E7-8B73-C5556EF5B486}" = Nero 12
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-790CW
"{D9DD0D4F-6E5A-484D-AD8C-FD3BAF5D4450}" = VSHelp
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1646825-D391-42A0-93AA-27FA810DA093}" = CyberLink PowerDirector 12
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E1AF3785-AA77-471E-ABC5-4C2B459B877A}" = WordPerfect Office X6 - Common Files English
"{EAA5C699-6DB5-4508-BD64-B79EB9409C9D}" = WordPerfect Office X6 - Presentations Files
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE0B1766-153A-4251-A192-F8FD3D941711}" = Contents
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"AnyDVD" = AnyDVD
"AU10_is1" = Advanced Uninstaller PRO - Version 10
"AviSynth" = AviSynth 2.5
"AZARDI_is1" = AZARDI
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 6.0
"Balabolka" = Balabolka
"CCleaner" = CCleaner
"DVD Shrink_is1" = DVD Shrink 3.2
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader_is1" = Foxit Reader
"Free Sound Recorder_is1" = Free Sound Recorder v9.7.5
"GIMP-2_is1" = GIMP 2.8.14
"HashCalc_is1" = HashCalc 2.02
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HashTab" = HashTab 5.1.0.23
"ImgBurn" = ImgBurn
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}" = CyberLink PowerDirector 12
"LHTTSITI" = L&H TTS3000 Italiano
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Mozilla Firefox 33.1 (x86 en-US)" = Mozilla Firefox 33.1 (x86 en-US)
"NewBlue Video Essentials for Cyberlink" = NewBlue Video Essentials for PowerDirector
"NewBlue Video Essentials II for Cyberlink" = NewBlue Video Essentials II for PowerDirector
"NewBlue Video Essentials III for Cyberlink" = NewBlue Video Essentials III for PowerDirector
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"Sandboxie" = Sandboxie 4.08 (32-bit)
"Software Remove Master_is1" = Software Remove Master v5.0.1.3
"Soulseek2" = SoulSeek 157 NS 13e
"Speccy" = Speccy
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TNod" = TNod User & Password Finder
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Universal Document Converter_is1" = Universal Document Converter Server Edition
"UP286_is1" = Ultimate Paint 2.88 Freeware Edition
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2014 1:06:05 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/17/2014 9:29:37 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/17/2014 10:41:05 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/18/2014 5:01:25 AM | Computer Name = Khan | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17344 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.    Process ID: b4ec    Start
Time: 01d0030a956f120d    Termination Time: 134    Application Path: C:\Program Files\Internet
Explorer\iexplore.exe    Report Id:

Error - 11/18/2014 7:07:11 PM | Computer Name = Khan | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17344 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.    Process ID: 14fe8    Start
Time: 01d003802222269f    Termination Time: 109    Application Path: C:\Program Files\Internet
Explorer\iexplore.exe    Report Id:

Error - 11/19/2014 9:34:26 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/20/2014 8:19:32 AM | Computer Name = Khan | Source = Application Error | ID = 1000
Description = Faulting application name: mbamgui.exe, version: 1.61.0.0, time stamp:
0x4f6b8ae8 Faulting module name: mbamgui.exe, version: 1.61.0.0, time stamp: 0x4f6b8ae8
Exception
code: 0x40000015 Fault offset: 0x00014965 Faulting process id: 0xa24 Faulting application
start time: 0x01d004bc393b0115 Faulting application path: C:\Program Files\Malwarebytes'
Anti-Malware\mbamgui.exe Faulting module path: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Report
Id: 7adc3818-70af-11e4-b6ac-001a4d5634f4

Error - 11/20/2014 11:30:27 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/21/2014 11:55:45 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/22/2014 11:13:46 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector12\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ OSession Events ]
Error - 2/1/2012 8:09:29 PM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 6/6/2012 8:13:04 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 7/14/2012 2:56:05 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 7/29/2012 9:03:44 PM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 11/5/2012 5:02:20 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 11/7/2012 3:42:45 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 5/23/2013 3:51:14 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 7/29/2013 2:20:52 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 8/28/2013 11:42:27 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 11/21/2014 1:30:16 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 11/21/2014 1:30:17 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 11/21/2014 2:16:43 AM | Computer Name = Khan | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:13:40 PM on ?11/?21/?2014 was unexpected.

Error - 11/21/2014 2:17:01 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The WebcamMax, WDM Video Capture service failed to start due to the
following error:   %%1058

Error - 11/21/2014 2:17:26 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   hcov

Error - 11/21/2014 7:47:25 PM | Computer Name = Khan | Source = DCOM | ID = 10010
Description =

Error - 11/21/2014 9:25:17 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The WebcamMax, WDM Video Capture service failed to start due to the
following error:   %%1058

Error - 11/21/2014 9:25:34 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   hcov

Error - 11/23/2014 8:26:32 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The WebcamMax, WDM Video Capture service failed to start due to the
following error:   %%1058

Error - 11/23/2014 8:27:24 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   hcov

< End of report >

OTL logfile created on: 11/24/2014 12:20:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.03% Memory free
6.00 Gb Paging File | 4.73 Gb Available in Paging File | 78.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 48.89 Gb Free Space | 29.10% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 42.39 Gb Free Space | 32.59% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 375.55 Gb Free Space | 40.32% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 216.51 Gb Free Space | 46.48% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office\Office15\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synergy\synergyd.exe ()
PRC - C:\Program Files\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software)
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\OO Software\DiskImage\oodiag.exe (O&O Software GmbH)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\vdsldr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Microsoft Office\Office15\IEAWSDC.DLL ()
MOD - C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files\Classic Menu for Office\ArmAccess.dll ()

========== Services (SafeList) ==========

SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (Synergy) -- C:\Program Files\Synergy\synergyd.exe ()
SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (DisplayFusionService) -- C:\Program Files\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Olympus DVR Service) -- C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe (OLYMPUS IMAGING CORP.)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (OO DiskImage) -- C:\Program Files\OO Software\DiskImage\oodiag.exe (O&O Software GmbH)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)

========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (hcov) -- System32\drivers\werlmk.sys File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (oem-drv86) -- C:\Windows\System32\drivers\oem-drv86.sys (secr9tos)
DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)
DRV - (pimou) -- C:\Windows\System32\drivers\pimou.sys (Christian Gulden)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (vidsflt53) -- C:\Windows\System32\drivers\vsflt53.sys (Acronis)
DRV - (oodivd) -- C:\Windows\System32\drivers\oodivd.sys (O&O Software GmbH)
DRV - (oodivdh) -- C:\Windows\System32\drivers\oodivdh.sys (O&O Software GmbH)
DRV - (oodisr) -- C:\Windows\System32\drivers\oodisr.sys (O&O Software GmbH)
DRV - (oodisrh) -- C:\Windows\System32\drivers\oodisrh.sys (O&O Software GmbH)
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (WCMVCAM) -- C:\Windows\System32\drivers\wcmvcam.sys (Windows ® Win 7 DDK provider)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NetworkX) -- C:\Windows\System32\Ckldrv.sys ()

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 83 7E D4 43 E9 CF 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{752BC5B5-BEAC-4571-A521-42059DEEE0A5}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 21:54:16 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/11/11 08:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014/01/25 22:36:10 | 000,000,000 | ---D | M]

[2013/09/07 16:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2014/11/06 23:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\960azfpj.default-1415280631391\extensions
[2014/10/16 16:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hizwc2ve.default\extensions
[2013/11/02 21:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\SeaMonkey\Profiles\aoioq0mu.default\extensions
[2013/11/02 21:07:22 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Administrator\AppData\Roaming\Mozilla\SeaMonkey\Profiles\aoioq0mu.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2014/11/11 08:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/11/11 08:27:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/27 11:41:40 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2014/11/20 23:28:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe File not found
O4 - HKCU..\Run: [~rmvtxrr] C:\Users\Administrator\Downloads\fg742p.exe (Dynamic Internet Technology, Inc.)
O4 - HKCU..\Run: [Lync] C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA463021-803B-4E77-A471-1A2BA3172F5D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/12 12:04:17 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/11/24 11:55:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/11/21 00:18:58 | 001,108,992 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2014/11/20 23:28:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/11/20 22:25:30 | 005,598,306 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2014/11/20 08:27:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/11/19 10:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/11/19 10:07:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\mbar
[2014/11/16 16:44:59 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/15 02:39:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/11/15 00:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/11/15 00:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2014/11/14 19:04:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/12 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\2006 FIFA World Cup™
[2014/11/12 14:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/11/12 12:48:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Oracle
[2014/11/11 17:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Olympus Shared
[2014/11/11 17:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The FTW Transcriber
[2014/11/11 17:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\The FTW Transcriber
[2014/11/11 12:07:05 | 000,079,576 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/11 09:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2014/11/11 09:30:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVS4YOU
[2014/11/11 09:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2014/11/11 09:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2014/11/11 08:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/11/03 23:36:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Balabolka
[2014/11/03 23:36:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
[2014/11/03 23:36:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Balabolka
[2014/11/03 23:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Balabolka
[2014/11/02 16:09:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\CyberLink
[2014/11/02 15:57:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
[2014/11/02 15:31:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
[2014/11/02 15:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2014/11/02 15:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2014/10/31 18:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2014/10/31 18:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2014/10/28 11:30:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Nuance
[2014/10/25 19:43:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\USB PEN
[2013/09/17 22:22:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Administrator\AppData\Roaming\pcouffin.sys
[15 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/11/24 11:55:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/11/24 10:32:12 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/24 10:32:12 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/24 10:30:50 | 000,652,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/24 10:30:50 | 000,118,680 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/24 10:26:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/24 10:26:20 | 2414,727,168 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/24 10:26:05 | 000,028,160 | ---- | M] (secr9tos) -- C:\Windows\System32\drivers\oem-drv86.sys
[2014/11/24 10:21:58 | 000,003,528 | ---- | M] () -- C:\bootsqm.dat
[2014/11/21 10:02:49 | 000,001,007 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2014/11/21 00:19:04 | 001,108,992 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2014/11/20 23:28:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/11/20 22:25:52 | 005,598,306 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2014/11/19 17:38:55 | 000,007,613 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2014/11/19 10:10:02 | 000,079,576 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/19 09:33:18 | 000,854,414 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2014/11/18 01:45:17 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/11/18 01:45:17 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/11/15 10:49:39 | 003,943,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/15 02:39:55 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-KHAN-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2014/11/14 22:35:34 | 000,048,433 | ---- | M] () -- C:\Users\Administrator\Desktop\NEW firs Half.rtf
[2014/11/13 14:50:04 | 000,001,149 | ---- | M] () -- C:\Windows\~soundrecorder.dat
[2014/11/12 23:17:18 | 000,002,952 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014/11/11 18:36:30 | 000,003,079 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\SAS7_000.DAT
[2014/11/11 17:37:23 | 000,000,288 | ---- | M] () -- C:\Windows\Support.ini
[2014/11/09 10:38:57 | 012,845,056 | ---- | M] () -- C:\Users\Administrator\ntuser.bak
[2014/11/03 23:36:13 | 000,000,951 | ---- | M] () -- C:\Users\Administrator\Desktop\Balabolka.lnk
[2014/11/02 16:02:07 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_654
[2014/11/02 15:57:55 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
[2014/11/02 15:31:34 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
[2014/11/02 15:21:24 | 000,064,218 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20141102_142119.reg
[2014/10/31 17:46:17 | 000,039,542 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20141031_164610.reg
[2014/10/29 22:02:57 | 000,000,841 | ---- | M] () -- C:\Users\Administrator\AppData\Local\recently-used.xbel
[2014/10/25 15:40:45 | 000,011,896 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20141025_154032.reg
[15 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/11/24 10:21:58 | 000,003,528 | ---- | C] () -- C:\bootsqm.dat
[2014/11/19 09:33:10 | 000,854,414 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2014/11/15 11:03:29 | 000,001,102 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/11/15 02:39:55 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-KHAN-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2014/11/14 16:51:04 | 000,048,433 | ---- | C] () -- C:\Users\Administrator\Desktop\NEW firs Half.rtf
[2014/11/11 17:37:23 | 000,000,288 | ---- | C] () -- C:\Windows\Support.ini
[2014/11/11 11:00:01 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk
[2014/11/10 10:01:58 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate.lnk
[2014/11/04 11:58:51 | 000,001,149 | ---- | C] () -- C:\Windows\~soundrecorder.dat
[2014/11/03 23:36:13 | 000,000,951 | ---- | C] () -- C:\Users\Administrator\Desktop\Balabolka.lnk
[2014/11/02 15:57:55 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
[2014/11/02 15:31:34 | 000,002,201 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
[2014/11/02 15:21:21 | 000,064,218 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20141102_142119.reg
[2014/10/31 17:46:13 | 000,039,542 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20141031_164610.reg
[2014/10/29 22:02:57 | 000,000,841 | ---- | C] () -- C:\Users\Administrator\AppData\Local\recently-used.xbel
[2014/10/25 15:40:34 | 000,011,896 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20141025_154032.reg
[2014/10/16 23:10:51 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2014/10/16 18:42:28 | 000,034,808 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/10/14 14:04:23 | 000,098,928 | ---- | C] () -- C:\Windows\System32\drivers\vmci.sys.dump
[2014/10/14 14:04:23 | 000,063,920 | ---- | C] () -- C:\Windows\System32\drivers\vmx_svga.sys.dump
[2014/10/07 14:29:08 | 181,974,298 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ACCCx2_8_0_447.zip.aamdownload
[2014/10/07 14:29:08 | 000,002,174 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ACCCx2_8_0_447.zip.aamdownload.aamd
[2014/10/04 18:13:43 | 000,004,142 | ---- | C] () -- C:\ProgramData\uxxadbmu.rlu
[2014/05/02 12:37:56 | 000,063,920 | ---- | C] () -- C:\Windows\System32\drivers\vmx_svga.sys
[2014/05/02 12:37:48 | 000,098,928 | ---- | C] () -- C:\Windows\System32\drivers\vmci.sys
[2014/05/02 12:16:12 | 000,079,176 | ---- | C] () -- C:\Windows\System32\TPVMMonUI.dll
[2014/04/09 15:12:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/04/09 15:12:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/04/09 15:12:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/04/09 15:12:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/04/09 15:12:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/24 22:45:07 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2014/03/18 20:46:19 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/03/18 08:45:08 | 000,000,029 | ---- | C] () -- C:\Users\Administrator\.gtk-bookmarks
[2014/01/11 00:56:12 | 000,002,952 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/12/02 16:05:27 | 000,004,096 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\keyfile3.drm
[2013/11/25 12:02:59 | 000,009,136 | ---- | C] () -- C:\Windows\System32\Inetwh16.dll
[2013/11/25 12:02:59 | 000,004,528 | ---- | C] () -- C:\Windows\System32\Setbrows.exe
[2013/11/25 11:52:13 | 000,000,061 | ---- | C] () -- C:\Windows\USRWIZ.INI
[2013/11/25 11:46:13 | 000,022,792 | ---- | C] () -- C:\Windows\System32\StnLang.ini
[2013/11/17 17:07:40 | 144,752,885 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ACCCx2_2_1_260.zip.aamdownload
[2013/11/17 17:07:40 | 000,001,817 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd
[2013/11/04 23:00:42 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/11/03 17:00:42 | 000,007,613 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013/11/02 21:22:57 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2013/11/02 20:37:42 | 012,845,056 | ---- | C] () -- C:\Users\Administrator\ntuser.bak
[2013/10/16 10:29:32 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/10/15 23:24:23 | 000,000,137 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/10/15 23:23:51 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2013/10/15 23:23:51 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2013/10/15 23:23:51 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2013/10/15 23:23:51 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/09/25 09:41:51 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/09/17 22:22:35 | 000,007,887 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.cat
[2013/09/17 22:22:35 | 000,001,144 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.inf
[2013/09/11 20:43:57 | 000,000,583 | ---- | C] () -- C:\Windows\SMSI.INI
[2013/08/27 22:24:53 | 000,003,079 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\SAS7_000.DAT
[2013/08/23 09:27:29 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/08/05 22:54:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
[2013/07/22 14:30:08 | 000,000,112 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\JP2K CS6 Prefs
[2013/07/16 00:48:17 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/16 00:48:17 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/16 00:48:17 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/08 17:18:34 | 000,109,696 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2013/07/08 17:18:34 | 000,091,264 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2013/06/20 15:38:34 | 000,000,560 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/06/08 16:46:48 | 000,000,288 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\.backup.dm
[2013/05/22 11:43:31 | 000,000,060 | R--- | C] () -- C:\Program Files\BRINST.INI
[2013/04/27 14:18:18 | 000,000,124 | ---- | C] () -- C:\Windows\spwdrp.INI
[2013/04/04 11:09:55 | 000,000,164 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PLGComp.ini
[2013/03/13 13:09:56 | 005,141,508 | ---- | C] () -- C:\Users\Administrator\Desktop.zip
[2013/02/21 17:01:42 | 000,011,089 | ---- | C] () -- C:\Program Files\satsukidecoderdetect.ini
[2013/02/21 17:01:41 | 000,004,095 | ---- | C] () -- C:\Program Files\satsukidecodersettings.ini
[2013/02/15 19:43:09 | 000,002,212 | ---- | C] () -- C:\Windows\System32\EpfwTemp.dat
[2013/02/15 19:43:03 | 000,002,212 | ---- | C] () -- C:\Windows\System32\EpfwUser.dat
[2013/01/16 11:26:11 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2013/01/16 11:25:47 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2013/01/16 11:25:24 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012/01/06 01:53:12 | 145,727,915 | ---- | C] () -- C:\Users\Administrator\Sky Angel Vol.72 Internal Cum Shot - AYA-02.mp4
[2004/05/13 12:26:48 | 000,084,784 | ---- | C] () -- C:\Program Files\fciv.exe

========== ZeroAccess Check ==========

[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 11:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 07:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/02 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2013/11/02 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acronis
[2013/11/02 21:06:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnvSoft
[2014/10/18 13:37:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2014/11/03 23:36:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Balabolka
[2013/05/27 09:30:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CheckPoint
[2014/08/27 16:31:39 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Roaming\Common
[2014/10/21 16:43:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Cool Record Edit Pro
[2014/10/07 13:48:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CrystalIdea Software
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Digiarty
[2014/10/18 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DisplayFusion
[2014/07/17 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EncryptStick
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2014/09/09 09:37:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EurekaLog
[2014/07/25 11:23:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit Software
[2014/09/23 09:52:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Free Sound Recorder
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garmin
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Geek Uninstaller
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ImgBurn
[2013/11/02 21:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Infogrid Pacific Pte. Ltd
[2013/11/02 21:07:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2014/10/16 16:29:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2013/09/06 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2014/01/25 08:32:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\iSkysoft
[2013/10/10 23:35:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Jasc
[2013/11/02 21:07:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2014/10/04 18:13:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Movavi
[2014/01/27 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MPC-HC
[2013/11/02 21:07:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NCH Swift Sound
[2013/11/02 21:07:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2014/10/28 11:11:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nuance
[2014/11/12 12:48:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oracle
[2013/11/02 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2013/11/10 16:01:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC-FAX TX
[2013/11/02 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
[2013/11/02 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PowerISO
[2014/11/20 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ProductData
[2013/11/07 11:29:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\QuickScan
[2014/01/08 00:16:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\R-TT
[2014/05/22 16:01:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Recordpad
[2013/11/02 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Regensoft
[2014/10/17 10:56:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScanSoft
[2013/11/02 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Seagate
[2013/11/07 17:21:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SoftGrid Client
[2013/11/02 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony
[2013/11/02 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\spotmau
[2014/09/24 13:37:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2013/11/02 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2014/08/20 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TP
[2014/10/28 11:53:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tracker Software
[2013/12/27 10:43:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2013/11/02 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\UDC Profiles
[2013/11/02 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ulead Systems
[2013/11/02 21:07:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\URSoft
[2014/11/20 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2013/09/19 18:29:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
[2013/11/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Win7codecs
[2013/11/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xilisoft
[2013/11/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\XnView
[2013/11/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\YCanPDF
[2013/11/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Youtube Downloader HD
[2013/11/02 21:07:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\{4916c8ce-b9e7-4e25-9a23-25493e41e04c}

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/21 07:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/21 07:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/21 07:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2014/07/16 12:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014/07/17 11:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\ERDNT\cache\winlogon.exe
[2014/07/17 11:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014/07/17 11:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010/11/21 07:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014/03/04 19:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014/03/04 20:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

========== Base Services ==========
SRV - [2009/07/14 11:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 14:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 11:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/21 07:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/21 07:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2014/04/12 12:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/05 07:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2014/07/07 11:40:07 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/21 07:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/21 07:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 15:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 11:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 11:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 11:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/21 07:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 11:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 11:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 11:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 11:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/04 02:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 11:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 20:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 15:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2014/04/12 12:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 11:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/21 07:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/21 07:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 11:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2014/04/12 12:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 11:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/21 07:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/21 07:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/21 07:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/21 07:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 11:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 14:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/21 07:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2014/07/07 11:40:04 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2014/07/07 11:40:04 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/21 07:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 14:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/21 07:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/21 07:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/21 07:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/21 07:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 11:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2014/05/15 02:23:32 | 001,973,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/21 07:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 11:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/21 07:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3320613AS ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500418AS ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD10EARS-00MVWB0 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Brother MFC-790CW USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 130.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 168.00GB
Starting Offset: 139681704960
Hidden sectors: 0

DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 1048576
Hidden sectors: 0

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:A5C00DEE
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Advertisements

Register to Remove

#17 OCD

SuperHelper

Malware Team
5,574 posts

Posted 23 November 2014 - 09:36 PM

Hi soloio,

You are doing just fine. :thumbup:

I am not finding much of anything in your logs that would suggest you are a victim of malware. Let's try a few steps and see if we can narrow down what is causing your problems.

I see you have previously downloaded Tweaking.com Windows Repair.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
You will be completing Step 1, 3 and 4 only.

Complete Step 1, Proper Power Reset

Step 3: Optional

Select "See if Check Disk Is Needed" (1)
If no errors are found under "View Log" (2) the post back those results
If "Check Disk" is needed, select the "Do It" (3) button.

=========================

Step 4: Optional

Select the "Do It" button.

=========================

Farbar Service Scanner

Please download Farbar Service Scanner and save it to your desktop.
- Right click and select "Run as Administrator"
- Make sure the following options are checked:
  - Internet Services
  - Windows Firewall
  - System Restore
  - Security Center
  - Windows Update
  - Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
=========================

In your next post please provide the following:
- Tweaking.com results
- FSS.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#18 soloio

Authentic Member

Authentic Member
22 posts

Posted 24 November 2014 - 07:18 AM

HI! OCD

After running Tweaking.com Windows Repair Step 3 Check Disk not needed.

Stet 4, I press do it! After scan I re-start computer, it fails to start normal, it auto restarts when windows picture first appears on screen and restarts

I did not want to run windows start up repair, after re-start 5 times, I press reset button soon after it start at beginning, it restarted and went in to windows without a hitch

Could be that you killed it (virus/malware) and it left some file damaged?

Just an opinion

Thank You

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Program Files\Tweaking.com\Windows Repair (All in One)>CD /D C:\

C:\>chkdsk C:
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
9 percent complete. (321869 of 357632 file records processed)
357632 file records processed.

File verification completed.
834 large file records processed.

0 bad file records processed.

2 EA records processed.

74 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
29 percent complete. (388316 of 420020 index entries processed)
420020 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
36 percent complete. (323382 of 357632 file SDs/SIDs processed)
357632 file SDs/SIDs processed.

Security descriptor verification completed.
31195 data files processed.

CHKDSK is verifying Usn Journal...
100 percent complete. (191373312 of 191374960 USN bytes processed)
191374960 USN bytes processed.

Usn Journal verification completed.
Windows has checked the file system and found no problems.

176160725 KB total disk space.
124149104 KB in 250056 files.
    144500 KB in 31196 indexes.
         0 KB in bad sectors.
    617441 KB in use by the system.
     65536 KB occupied by the log file.
51249680 KB available on disk.

      4096 bytes in each allocation unit.
44040181 total allocation units on disk.
12812420 allocation units available on disk.

C:\>

Farbar Service Scanner Version: 21-07-2014
Ran by Administrator (administrator) on 24-11-2014 at 22:41:50
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****

#19 OCD

SuperHelper

Malware Team
5,574 posts

Posted 24 November 2014 - 09:21 AM

Hi soloio,

Try browsing to "C:\Users\Home\AppData\Local" and delete the "Temp" directory to make sure it's all gone.

=========================

Go the Start menu > locate the search box at the bottom of the window
Type "msconfig" (without the quotes), right click msconfig and select "Run as Administrator"
On the Services tab, locate the following and select "Disable"
AJTBBNQOH
DXDXHUUIPT
ESZIRRKTB
GHEXLJESSYJZJFFD
GIFNPEGD
HNFOEA
IPYGNV
YBYFGZAO
Click Apply, and close msconfig.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

FRST.txt
Update on booting up issue.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#20 soloio

Authentic Member

Authentic Member
22 posts

Posted 25 November 2014 - 12:40 AM

The temp folder size 87.5 MB deleted

One of file in temp folder: “ LWSDebugOut “, 87.5 MB of all the same entries as below.

CDeviceInfoMap::GetPnPId() - failed m_DeviceInfoMap.Lookup - device ID: : 0

.\DeviceInfoMap.cpp

Line: 406

CDeviceInfoMap::GetDeviceFriendlyName() - !pDeviceInfo - failed m_DeviceInfoMap.Lookup(lDeviceID=: 0

.\DeviceInfoMap.cpp

Line: 313

Those files could not be deleted, need to close windows explorer, I did not know how.

“ FXSAPIDebugLogFile “ Size: 0 bytes created:

Thursday, ‎November ‎20, ‎2014, ‏‎10:06:13 PM (text doc)

LWSDebugOut size: 61.0 KB (62,500 bytes) size on disk: 64.0 KB (65,536 bytes) Created: Thursday, ‎November ‎20, ‎2014, ‏‎11:34:36 PM (text doc)

None of the entry wore found msconfig Service tab

· AJTBBNQOH

· DXDXHUUIPT

· ESZIRRKTB

· GHEXLJESSYJZJFFD

· GIFNPEGD

· HNFOEA

· IPYGNV

· YBYFGZAO

I rebooted and windows failed to boot as previously advised

I then run Farbar Recovery Scan Tool

logs included

LastRegBack: 2014-11-25 00:07

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2014
Ran by Administrator at 2014-11-25 16:26:32
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2411852452-117403543-12125213-500\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Acronis True Image Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 10 (HKLM\...\AU10_is1) (Version: 10 - Innovative Solutions)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.3.0.0 - SlySoft)
Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.9.000 - Asmedia Technology)
AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
AZARDI (HKLM\...\AZARDI_is1) (Version: - Infogrid Pacific Pte. Ltd.)
Balabolka (HKLM\...\Balabolka) (Version: 2.10.0.575 - Ilya Morozov)
Brother MFL-Pro Suite MFC-790CW (HKLM\...\{D9461574-5FC0-4641-BBDC-D1038B196F55}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Classic Menu for Office Enterprise 2010 and 2013 v5.85 (HKLM\...\{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1) (Version: 5.85 - Addintools)
Contents (Version: 16.0.0.106 - Corel Corporation) Hidden
Corel VideoStudio Ultimate X6 (HKLM\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.0.0.106 - Corel Corporation)
CyberLink PowerDirector 12 (HKLM\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3403.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayFusion 6.0 (HKLM\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 6.0.0.0 - Binary Fortress Software)
Dragon NaturallySpeaking 12 (HKLM\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
ESET NOD32 Antivirus (HKLM\...\{6DCA86D6-F197-41B7-BD33-43E32A15A41E}) (Version: 7.0.302.0 - ESET, spol s r. o.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Free Sound Recorder v9.7.5 (HKLM\...\Free Sound Recorder_is1) (Version: - Copyright© 2005-2014 FreeSoundRecorder Technologies, Inc.)
Freeware PDF Unlocker (HKLM\...\{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}) (Version: 1.0.4 - SMTguru)
Garmin Communicator Plugin (HKLM\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
HashCalc 2.02 (HKLM\...\HashCalc_is1) (Version: - SlavaSoft Inc.)
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
ICA (Version: 16.0.0.106 - Corel Corporation) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
IPM_VS_Pro (Version: 16.0 - Corel Corporation) Hidden
ISO Recorder (HKLM\...\{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}) (Version: 3.0.0 - Alex Feinman)
Jasc Paint Shop Pro 9 (HKLM\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
L&H TTS3000 Italiano (HKLM\...\LHTTSITI) (Version: - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.61.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
MPC-HC 1.7.6 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Nero 12 (HKLM\...\{D529E699-7753-46E7-8B73-C5556EF5B486}) (Version: 12.0.03500 - Nero AG)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
O&O DiskImage Professional (HKLM\...\{2AAD066E-698F-48A1-A7D0-0B5701DCAF2C}) (Version: 7.0.144 - O&O Software GmbH)
OlympusCodecs (HKLM\...\{9599AA83-D20B-45E1-819A-5EFD6AFED2BE}) (Version: 1.0.1 - Olympus)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdfedit (HKLM\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - )
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Sandboxie 4.08 (32-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Setup (Version: 16.0.0.106 - Corel Corporation) Hidden
Share (Version: 16.0.0.106 - Corel Corporation) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Remove Master v5.0.1.3 (HKLM\...\Software Remove Master_is1) (Version: - CareWindows)
SoulSeek 157 NS 13e (HKLM\...\Soulseek2) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synergy (32-bit) (HKLM\...\{48C4B49D-F876-4969-BF74-319EF3601A35}) (Version: 1.5.1 - The Synergy Project)
The FTW Transcriber version 3.1 (HKLM\...\{D27CDB6E-AE6D-11cf-96B8-444553540000}_is1) (Version: 3.1 - The Tyger Valley Systems, Inc.)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Ultimate Paint 2.88 Freeware Edition (HKLM\...\UP286_is1) (Version: 2.88 - J-T-L Development)
Universal Document Converter Server Edition (HKLM\...\Universal Document Converter_is1) (Version: 5.3 - fCoder Group, Inc.)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VSClassic (Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (Version: 16.0.0.106 - Corel Corporation) Hidden
VSUltimate (Version: 16.0.0.106 - Corel Corporation) Hidden
VT-Bridget-M16-SAPI5 (HKLM\...\{C4367E67-52FE-45C6-889C-F48CE7883CA8}) (Version: 3.11.1.0 - VW)
VT-Julie-M16-SAPI5 (HKLM\...\{C496F7CD-ED09-4D8D-872E-3470D4717714}) (Version: - )
VT-Kate-M16-SAPI5 (HKLM\...\{9FAD67A7-3A4E-4754-AAC4-0397F370611D}) (Version: - )
VT-Paul-M16-SAPI5 (HKLM\...\{942DF6BD-E4F2-4915-B4FB-09C02B71284F}) (Version: - )
Welcome App (Start-up experience) (Version: 12.0.15000 - Nero AG) Hidden
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows Driver Package - Nokia Modem (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WordPerfect Office X6 - Common Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 (HKLM\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.318 - Corel Corporation)
WordPerfect Office X6 (Version: 16.0 - Corel Corporation) Hidden
Youtube Downloader HD v. 2.9.6 (HKLM\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

12-11-2014 03:19:13 Removed OlympusCodecs
12-11-2014 08:11:41 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
14-11-2014 08:03:12 Removed OlympusCodecs
14-11-2014 08:25:36 Removed OlympusCodecs
16-11-2014 00:52:47 Removed Java 7 Update 71
19-11-2014 01:45:05 Malwarebytes Anti-Rootkit Restore Point
24-11-2014 02:21:22 OTL Restore Point - 11/24/2014 12:21:19 PM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-30 10:34 - 2014-11-20 23:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05CA6C9D-7CCC-428E-914C-F01421A85CBE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {08038180-7575-4743-AA20-957747EA1DF7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0A897EC5-DB50-4E03-BBE3-D57A5A794189} - System32\Tasks\{2C3F50B1-D54D-40CA-992C-830EB5627BDF} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {10EF8F74-69C8-4E4F-BA9B-5DD716CE1EB4} - System32\Tasks\{3DCA905C-CBBF-424C-B155-5B0162A152CF} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {178909FA-264A-49EC-8FF2-9C56A9B13A2A} - System32\Tasks\{742B0DA6-B0BA-407B-AD13-2EF45C8B5136} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {19460C60-1E2E-4918-94E0-D512C0E5756F} - System32\Tasks\{61D2098D-AB2E-4155-BBA6-7175DCC19796} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {1BF0892A-A768-4CE9-8296-BD0AF0E558DC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1D7F019C-D419-49C7-BAA0-A577C33B19D2} - System32\Tasks\{FF074E76-79B5-407D-A341-07E6BACAC239} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {1F4B18E4-27FA-4888-8A92-440059244BC2} - System32\Tasks\{C27BEF35-AF2F-476D-A7BB-2D58CADB4917} => C:\3COM\UPDTMDM\UPDTMDM.EXE [1998-06-06] ()
Task: {215EBB15-4A20-4933-A901-C46A6D3B1991} - System32\Tasks\{97E53D3C-1CE8-43C9-9697-2354A5E7825F} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {28455495-D1FC-4558-B070-A172B5334163} - System32\Tasks\{92123959-9F6E-472B-9509-79B7C22FE5A1} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {2FB16726-0240-4074-A381-4DA5AC038384} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {31CFD816-5E6E-4F8E-B71B-2F6344CDA3D7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3967B16F-08ED-4990-9728-2855AA26C8D3} - System32\Tasks\{C49E02A8-FD5A-45A2-ABA7-BD66E3C3D11D} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {3A82721C-EA39-4C5C-A69A-93943D12BF94} - System32\Tasks\{77975FFD-B173-4AF2-9A64-88D2367B638D} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {3AE87692-B99B-436C-8320-9FC7ABBADC3D} - System32\Tasks\{19747C34-5D7E-4DBB-8F29-E0CA714F7341} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {3EE8C6D0-1AAC-4ADE-A363-A2DC7FC8AA98} - System32\Tasks\{96E49231-874F-45BB-8C30-8177DF641A49} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {4389A372-FC61-40B0-85C6-475415D624A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {456C2A4E-9180-4F04-9560-3E28BB018C68} - System32\Tasks\{70259839-3263-4456-B23D-D5F4D1BE7C16} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {47939221-4A52-4194-B085-AEB2A6C2103D} - System32\Tasks\{5BE0F675-129F-4995-8F06-03EF74B0F692} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {498FCE60-CBFB-49F4-B48A-B54F9194969F} - System32\Tasks\{D09C7287-B757-40E0-9BAB-29FB2DBBA8FE} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {4F43426A-4609-4EAB-A61C-7A5DF5B99125} - System32\Tasks\{858FB472-5CEA-4FBD-9E72-65DEC715A7C5} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {528711F2-1C72-448D-B5EF-37927EADCC31} - System32\Tasks\{F2848B54-0B33-4407-AA89-F92FC745D459} => C:\Program Files\Microsoft Office 2003 MultiLang\Microsoft Office Word 2003.exe
Task: {56410E59-C3B1-40F8-B0FD-674254FBA0E7} - System32\Tasks\{F12BB17B-8534-4DF4-9B6F-3E475FFDE5B8} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {56DBD133-FF99-443B-B8AC-3ECC426B958F} - System32\Tasks\{598A64E4-9B31-4706-8E5E-1DE0A59292E0} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {5ADDB58B-CD32-4C7A-8C67-0F33C2AFEB36} - System32\Tasks\{26F8E065-2C28-4787-8086-ADFEA2845C6F} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\New 13 -10- 13\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable 11 in 1 SP2 MultiLang - The11thMtnDiv.msi"
Task: {5EE847CB-FE75-4CF1-BED6-837AC7159F2D} - System32\Tasks\{8EA4414C-54BF-4BB7-A44E-9BC521BDBF4A} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {67F58E9F-0BE3-4687-A0CB-793072C765CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C2214C5-1FB9-4BF9-AB41-F112C323F6AE} - System32\Tasks\{80F3845C-3C92-4898-A9FF-0B5EE604DF07} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {6F868CB2-B24A-4870-B985-C710DDCDC3DF} - System32\Tasks\{7F916CCC-7C8F-478B-918C-C6D255DF3C96} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {759A20CA-2CC1-463C-AB2B-5F20ECA69237} - System32\Tasks\{B5CEC5F3-64B5-4680-9DBB-B24E00ED9E93} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {7BAEB8C8-16A9-4298-B4B6-FFFF2392075A} - System32\Tasks\{2B5DC53E-0AB1-4FD5-8376-F45831513321} => G:\Programs\A0184583.exe [2005-04-01] ()
Task: {7D614EE3-9D66-423F-88D0-D80F9C23C979} - System32\Tasks\{57E60407-B0FB-4D1B-A1C4-5157608AB94C} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {82BF0377-0F7E-46FD-B45F-93885DF2B269} - System32\Tasks\{D92EDE2F-6ECB-46C4-AF2C-088BB3266C49} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv.msi"
Task: {8958F3FB-5EC7-4C63-A8DE-994597FE8189} - System32\Tasks\{D3D4DB0C-580C-46D9-89E1-68B5B9259E28} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {91D6F716-06D8-4DE8-9FF0-8B38127F071F} - System32\Tasks\{0884BF43-CAEA-4028-8EF9-6A43F9CBAF4B} => C:\Program Files\Microsoft Office 2003 MultiLang\Microsoft Office Word 2003.exe
Task: {955F58A1-9B56-4134-8B00-E6A24D152E65} - System32\Tasks\RMSmartUpdate => C:\Program Files\Registry Mechanic\update.exe
Task: {9A3EED12-48B7-4FDE-89E1-211C2A81374F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9A8DEEF7-5879-417B-8910-817C62E257AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {9ABF9E49-9B3F-404E-ACE9-EFD7E06AAAD1} - System32\Tasks\NCH Software\ExpressSevenDays => C:\Program Files\NCH Software\Express\Express.exe
Task: {AA318FA1-575A-463F-800F-6EC8A9EE1A5B} - System32\Tasks\{72F5C9F6-BF43-44FA-9C9B-1A414EA26E18} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {B238A0AF-4B8B-4A9D-BB66-143A4F70B525} - System32\Tasks\{8821CE3A-A714-4E0B-A8B5-EC7D64AD924C} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {B4CDFFB2-7FA3-4BFC-BA1B-C987763795D5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B56E7DDF-9ADE-44EA-8840-2D695C4A8E60} - System32\Tasks\{43022584-1FB3-433D-9BAE-856426CFDAD2} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {B8F2760C-C46E-4C21-92A2-6557BB1FD4D3} - System32\Tasks\{24586FE0-83FE-4FFF-A59B-8D6F461E0ADB} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\New 13 -10- 13\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable 11 in 1 SP2 MultiLang - The11thMtnDiv.msi"
Task: {CB4AE861-A16A-4CDA-B2C8-24CC42C82E9E} - System32\Tasks\{8D73619E-884E-4B2A-8690-FD2E6744D2B1} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {CC1103FC-DB87-4860-9806-36E7FBAF2877} - System32\Tasks\{2F4F007B-B337-4BAA-8835-96B7597EEF1B} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {CDB8BC96-F444-4126-B8E6-6CA7B495D9F8} - System32\Tasks\{2D8604A9-1DAA-4D11-8018-32C0E45AC2A0} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {D29B7288-C0C9-4911-B299-CF880AC73D80} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D41851D3-61ED-48E6-A243-9D9E3328A3BE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KHAN-Administrator Khan => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {D536B505-EAD3-40B0-B781-AE2AE206BB2D} - System32\Tasks\{253E0BCE-68AC-4F7D-93E9-5435C5EE38F9} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {E0776124-DEBD-4C63-8257-342A6D883336} - System32\Tasks\{6A9758CB-785E-439C-9C1B-2238CECA5BF2} => C:\3COM\UPDTMDM\UPDTMDM.EXE [1998-06-06] ()
Task: {E4E34B87-A337-4D5C-A121-49066069A29C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EAFB4792-2E9F-4098-AF9B-6700216F9A04} - System32\Tasks\{37343038-3FED-49FC-A743-8DDDFE16F4F7} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {F929BE73-A7C9-4DD4-AF4D-892ED5933594} - System32\Tasks\{575ED30B-3D7F-46C2-B023-637056BFF346} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {FBCBC6EF-D7CE-4A65-B778-D35411F56594} - System32\Tasks\{4B12E91A-5B39-42C5-B438-D29669D9D6C1} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (whitelisted) =============

2013-11-02 20:36 - 2013-01-31 19:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-11-02 15:57 - 2012-08-08 22:36 - 00254552 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-08-21 18:20 - 2014-08-21 18:20 - 00278016 _____ () C:\Program Files\Synergy\synergyd.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-11-11 08:27 - 2014-11-11 08:27 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A5C00DEE
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AJTBBNQOH => 3
MSCONFIG\Services: DXDXHUUIPT => 3
MSCONFIG\Services: ESZIRRKTB => 3
MSCONFIG\Services: GHEXLJESSYJZJFFD => 3
MSCONFIG\Services: GIFNPEGD => 3
MSCONFIG\Services: HNFOEA => 3
MSCONFIG\Services: IPYGNV => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: YBYFGZAO => 3
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-2411852452-117403543-12125213-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2411852452-117403543-12125213-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2411852452-117403543-12125213-1025 - Limited - Enabled)
test (S-1-5-21-2411852452-117403543-12125213-1023 - Administrator - Enabled) => C:\Users\test
UpdatusUser (S-1-5-21-2411852452-117403543-12125213-1026 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2014 00:12:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/23/2014 01:13:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2014 01:55:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/21/2014 01:30:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/20/2014 10:19:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamgui.exe, version: 1.61.0.0, time stamp: 0x4f6b8ae8
Faulting module name: mbamgui.exe, version: 1.61.0.0, time stamp: 0x4f6b8ae8
Exception code: 0x40000015
Fault offset: 0x00014965
Faulting process id: 0xa24
Faulting application start time: 0xmbamgui.exe0
Faulting application path: mbamgui.exe1
Faulting module path: mbamgui.exe2
Report Id: mbamgui.exe3

Error: (11/19/2014 11:34:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/19/2014 09:07:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14fe8

Start Time: 01d003802222269f

Termination Time: 109

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (11/18/2014 07:01:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b4ec

Start Time: 01d0030a956f120d

Termination Time: 134

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (11/18/2014 00:41:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2014 11:29:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (11/25/2014 04:13:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hcov

Error: (11/25/2014 04:13:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (11/25/2014 03:32:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/25/2014 03:32:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/25/2014 03:18:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/25/2014 03:18:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/25/2014 03:18:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/25/2014 03:18:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/25/2014 03:18:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/25/2014 03:18:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Microsoft Office Sessions:
=========================
Error: (08/29/2013 01:42:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.1000496960

Error: (07/29/2013 04:20:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 3Microsoft Office PowerPoint12.0.6600.100012.0.6612.100028941320

Error: (05/23/2013 05:51:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.100069484080

Error: (11/07/2012 05:42:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.101423820

Error: (11/05/2012 07:02:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.10142594585760

Error: (07/30/2012 11:03:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6661.500012.0.6612.1000375300

Error: (07/14/2012 04:56:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6661.500012.0.6612.1000690403180

Error: (06/06/2012 10:13:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 1Microsoft Office Excel12.0.6661.500012.0.6612.1000470

Error: (02/02/2012 10:09:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.1014648300

CodeIntegrity Errors:
===================================
Date: 2014-10-15 04:12:37.713
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 04:12:37.653
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 04:12:37.593
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 04:12:37.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 04:12:37.443
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 04:12:37.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 04:12:37.143
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 04:12:37.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 04:12:37.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 04:09:02.485
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 40%
Total physical RAM: 3070.49 MB
Available physical RAM: 1823.46 MB
Total Pagefile: 6139.27 MB
Available Pagefile: 4660.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:168 GB) (Free:47.71 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:130.09 GB) (Free:42.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (1TERA_10GB) (Fixed) (Total:931.51 GB) (Free:375.55 GB) NTFS
Drive g: (320D500GB) (Fixed) (Total:465.76 GB) (Free:216.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: BFBBC8F1)
Partition 1: (Active) - (Size=130.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=168 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 33091F32)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A4FE0168)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#21 OCD

SuperHelper

Malware Team
5,574 posts

Posted 25 November 2014 - 01:44 AM

Hi soloio,

Delete a Service w/ a Batch File

We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
sc stop AJTBBNQOH 
sc delete AJTBBNQOH 
sc stop DXDXHUUIPT 
sc delete DXDXHUUIPT 
sc stop ESZIRRKTB 
sc delete ESZIRRKTB 
sc stop GHEXLJESSYJZJFFD 
sc delete GHEXLJESSYJZJFFD 
sc stop GIFNPEGD  
sc delete GIFNPEGD  
sc stop HNFOEA 
sc delete HNFOEA 
sc stop IPYGNV 
sc delete IPYGNV 
sc stop YBYFGZAO 
sc delete YBYFGZAO 
exit

Save it to your desktop as File name: service.bat
Save as type: All Files

Once done, double click service.bat to run it. A command window will open briefly, then close. This is quite normal. When the command window has closed, you may delete service.bat

=========================

RogueKiller

Download to your desktop RogueKiller (by tigzy)

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan, Do Not Fix Anything at this point.
Click the Report button, save the report to your desktop

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

RogueKiller report
new FRST.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#22 soloio

Authentic Member

Authentic Member
22 posts

Posted 26 November 2014 - 12:33 AM

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Scan -- Date : 11/26/2014 16:23:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys) -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[File.Forged][File] vmci.sys -- C:\Windows\System32\drivers\vmci.sys -> Found
[File.Forged][File] vmx_svga.sys -- C:\Windows\System32\drivers\vmx_svga.sys -> Found

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 11 (Driver: Loaded) ¤¤¤
[SSDT:Inl(Hook.SSDT)] NtCreateKey[70] : C:\Windows\system32\drivers\aksfridge.sys @ 0x83401fec
[SSDT:Inl(Hook.SSDT)] NtOpenKey[182] : C:\Windows\system32\drivers\aksfridge.sys @ 0x83401ff1
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[IAT:Addr] (explorer.exe @ ole32.dll) msvcrt.dll - free : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x5da21397
[IAT:Addr] (explorer.exe @ MSONSEXT.DLL) pkmws.dll - lstrcmpiW : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x5da21406
[IAT:Addr] (explorer.exe @ MSONSEXT.DLL) MSVCRT.dll - free : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x5da21397

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] 960azfpj.default-1415280631391 : user_pref("network.proxy.type", 2); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] a18f948ffa5e5dc993763a230501d0ce
[BSP] 8b95a0ddf010e8b887848b0879832b80 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 133209 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 272815830 | Size: 172031 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3500418AS ATA Device +++++
--- User ---
[MBR] 321265f0d01ec1e344fdbb91970e4b04
[BSP] 0fff42c49db9c2f21b6204b17c0122e7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476939 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD10EARS-00MVWB0 ATA Device +++++
--- User ---
[MBR] 67879018dc0ab22649e1360e61b35d83
[BSP] 3d90d97cc0f3776d9a2cb4138b5bcc16 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by Administrator (administrator) on KHAN on 26-11-2014 16:26:40
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionService.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Synergy\synergyd.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [~rmvtxrr] => C:\Users\Administrator\Downloads\fg742p.exe [2115360 2013-11-20] (Dynamic Internet Technology, Inc.)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2014-01-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [19049112 2014-07-27] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\OO Software\DiskImage\oodishi.dll (O&O Software GmbH)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4D837ED443E9CF01
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2411852452-117403543-12125213-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\960azfpj.default-1415280631391
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin: nuance.com/DragonRIAPlugin -> C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-01-25]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [804528 2011-02-01] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-11-16] (Acronis)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 DisplayFusionService; C:\Program Files\DisplayFusion\DisplayFusionService.exe [5179760 2014-06-18] (Binary Fortress Software)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [310232 2012-07-18] (Nuance Communications, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
S4 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S3 Olympus DVR Service; C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2013-10-03] (OLYMPUS IMAGING CORP.) [File not signed]
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4772144 2013-02-21] (O&O Software GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [131272 2014-01-18] (Sandboxie Holdings, LLC)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [278016 2014-08-21] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121688 2013-07-31] (SlySoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-09-25] (AVG Technologies)
S3 BrSerIf; C:\Windows\System32\Drivers\BrSerIf.sys [52224 2006-12-12] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2006-09-03] (Brother Industries Ltd.) [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-08-15] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-08-15] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-08-15] (ESET)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [79576 2014-11-19] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-18] () [File not signed]
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25808 2014-03-19] (Microsoft Corporation)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-11-25] (secr9tos) [File not signed]
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [98064 2012-10-24] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [29456 2012-10-24] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [209168 2012-10-24] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [32528 2012-10-24] (O&O Software GmbH)
S3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [20808 2013-11-30] (Christian Gulden)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161888 2014-01-18] (Sandboxie Holdings, LLC)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-11-16] (Acronis)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam.sys [1068216 2011-06-23] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S0 hcov; System32\drivers\werlmk.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 16:26 - 2014-11-26 16:27 - 00013689 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-11-26 16:24 - 2014-11-26 16:24 - 00004912 _____ () C:\Users\Administrator\Desktop\RKreport_SCN_11262014_162327.log
2014-11-26 16:12 - 2014-11-26 16:12 - 15196248 _____ () C:\Users\Administrator\Desktop\RogueKiller.exe
2014-11-26 15:38 - 2014-11-26 15:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-26 08:50 - 2014-11-26 08:50 - 00001995 _____ () C:\Users\Administrator\Desktop\Free Sound Recorder.lnk
2014-11-26 08:50 - 2014-11-26 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder
2014-11-26 08:49 - 2014-11-26 08:50 - 00000000 ____D () C:\Program Files\Free Sound Recorder
2014-11-26 08:49 - 2006-03-23 12:56 - 00113486 _____ () C:\Windows\system32\NCTWMAProfiles.prx
2014-11-26 08:49 - 2005-05-18 11:52 - 01212416 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioInformation2.dll
2014-11-26 08:49 - 2005-05-17 12:37 - 01986560 _____ (NCT Company Ltd.) C:\Windows\system32\NCTAudioFile2.dll
2014-11-26 08:49 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioRecord2.dll
2014-11-26 08:49 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioPlayer2.dll
2014-11-26 08:49 - 2005-04-15 12:08 - 00880640 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioEditor2.dll
2014-11-26 08:49 - 2005-04-04 17:21 - 00602112 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioTransform2.dll
2014-11-26 08:49 - 2005-03-28 15:54 - 00479232 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioVisualization2.dll
2014-11-26 08:49 - 2005-03-28 15:52 - 00417792 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTTextToAudio2.dll
2014-11-26 08:49 - 2005-02-24 11:51 - 00348160 _____ (NCT Company Ltd.) C:\Windows\system32\NCTWMAFile2.dll
2014-11-26 08:49 - 2004-11-04 13:31 - 00835584 _____ (NCT) C:\Windows\system32\NCTAudioCDGrabber2.dll
2014-11-25 16:25 - 2014-11-25 16:25 - 00000000 ____D () C:\Users\Administrator\Desktop\FRST-OlderVersion
2014-11-24 22:39 - 2014-11-24 22:39 - 00415232 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe
2014-11-24 11:55 - 2014-11-24 11:55 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe
2014-11-21 00:18 - 2014-11-25 16:25 - 01110016 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-11-20 23:34 - 2014-11-20 23:34 - 00022618 _____ () C:\ComboFix.txt
2014-11-20 22:25 - 2014-11-20 22:25 - 05598306 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-11-20 08:27 - 2014-11-20 23:34 - 00000000 ____D () C:\Qoobox
2014-11-19 10:15 - 2014-11-21 15:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-19 10:02 - 2014-11-19 10:02 - 00000000 ____D () C:\Users\Administrator\Downloads\mbar-1.08.1.1001
2014-11-19 09:52 - 2014-11-19 09:52 - 14439696 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.08.1.1001.exe
2014-11-19 09:33 - 2014-11-19 09:33 - 00854414 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2014-11-16 16:44 - 2014-11-26 16:26 - 00000000 ____D () C:\FRST
2014-11-16 15:31 - 2014-11-24 21:40 - 00027210 ____H () C:\Users\Administrator\Desktop\~WRL3949.tmp
2014-11-16 15:31 - 2014-11-24 08:51 - 00028867 ____H () C:\Users\Administrator\Desktop\~WRL2694.tmp
2014-11-16 15:31 - 2014-11-22 09:46 - 00026763 ____H () C:\Users\Administrator\Desktop\~WRL1089.tmp
2014-11-16 15:31 - 2014-11-21 17:22 - 00025830 ____H () C:\Users\Administrator\Desktop\~WRL2672.tmp
2014-11-15 11:33 - 2014-11-25 16:12 - 00001364 _____ () C:\Windows\error.log
2014-11-15 02:39 - 2014-11-15 02:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KHAN-Microsoft-Windows-7-Ultimate-(32-bit).dat
2014-11-15 02:39 - 2014-11-15 02:39 - 00000000 ____D () C:\RegBackup
2014-11-15 00:33 - 2014-11-15 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-15 00:32 - 2014-11-15 00:32 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-14 22:32 - 2014-11-14 22:33 - 01706808 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-11-14 19:10 - 2014-11-14 19:10 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2014-11-14 19:07 - 2014-11-14 19:08 - 02140160 _____ () C:\Users\Administrator\Downloads\AdwCleaner.exe
2014-11-14 19:04 - 2014-11-14 23:02 - 00000000 ____D () C:\AdwCleaner
2014-11-14 13:23 - 2014-11-14 13:24 - 120201976 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2014-11-12 19:04 - 2014-11-12 19:04 - 00013630 _____ () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch.htm
2014-11-12 19:04 - 2014-11-12 19:04 - 00000000 ____D () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch_files
2014-11-12 19:03 - 2014-11-12 19:14 - 22892794 _____ (Audacity Team ) C:\Users\Administrator\Downloads\audacity-win-2.0.6.exe
2014-11-12 18:19 - 2014-11-12 18:19 - 00000000 ____D () C:\Users\Administrator\Documents\2006 FIFA World Cup™
2014-11-12 16:10 - 2014-11-12 16:10 - 00061440 _____ ( ) C:\Users\Administrator\Downloads\VEW.exe
2014-11-12 14:39 - 2014-11-12 14:39 - 00000000 ____D () C:\Program Files\Speccy
2014-11-12 13:15 - 2014-11-12 13:15 - 00000000 ____D () C:\Windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
2014-11-12 13:12 - 2014-11-12 13:19 - 09817304 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-11-12 12:48 - 2014-11-12 12:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle
2014-11-11 17:37 - 2014-11-11 17:37 - 00000288 _____ () C:\Windows\Support.ini
2014-11-11 17:37 - 2014-11-11 17:37 - 00000000 ____D () C:\Program Files\Common Files\Olympus Shared
2014-11-11 17:32 - 2014-11-12 11:12 - 00000000 ____D () C:\Program Files\The FTW Transcriber
2014-11-11 17:32 - 2014-11-11 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The FTW Transcriber
2014-11-11 17:28 - 2014-11-11 17:30 - 24588601 _____ (The Tyger Valley Systems, Inc. ) C:\Users\Administrator\Downloads\FTW Transcribe setup.exe
2014-11-11 17:21 - 2014-11-11 17:21 - 01177930 _____ () C:\Users\Administrator\Downloads\NCH.Express.Scribe.Pro.v5.55.Incl.Keygen-BRD.rar
2014-11-11 12:07 - 2014-11-19 10:10 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 11:00 - 2014-11-11 14:46 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk
2014-11-11 09:31 - 2014-11-11 09:31 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-11-11 09:30 - 2014-11-11 09:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVS4YOU
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-11-11 08:27 - 2014-11-20 22:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 23:40 - 2014-11-10 23:41 - 00644160 _____ () C:\Users\Administrator\Downloads\switchsetupSoftonicEN.exe
2014-11-10 16:44 - 2014-11-10 16:45 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2014-11-10 16:40 - 2014-11-10 16:40 - 04578024 _____ (AVG Technologies) C:\Users\Administrator\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2014-11-10 10:01 - 2014-11-10 17:11 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate.lnk
2014-11-09 11:37 - 2014-11-09 11:37 - 13708848 _____ () C:\Users\Administrator\Downloads\SysinternalsSuite(1).zip
2014-11-04 18:35 - 2014-11-04 18:35 - 00000775 _____ () C:\Users\Administrator\Downloads\Drive Update NVIDER.txt
2014-11-04 12:29 - 2014-11-04 12:29 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (3).exe.1pwp9uk.partial
2014-11-04 12:26 - 2014-11-04 12:26 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (2).exe.hjxm4kd.partial
2014-11-04 12:17 - 2014-11-04 12:19 - 00714995 _____ ( ) C:\Users\Administrator\Downloads\FreeSoundRecorder (1).exe.p25xcaq.partial
2014-11-04 11:58 - 2014-11-13 14:50 - 00001149 _____ () C:\Windows\~soundrecorder.dat
2014-11-03 23:36 - 2014-11-03 23:36 - 00000951 _____ () C:\Users\Administrator\Desktop\Balabolka.lnk
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\Documents\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Balabolka
2014-11-03 23:35 - 2014-11-03 23:36 - 00000000 ____D () C:\Program Files\Balabolka
2014-11-03 22:42 - 2014-11-03 23:39 - 00000000 ____D () C:\Users\Administrator\Downloads\Speach
2014-11-03 18:01 - 2014-11-03 18:03 - 31079968 _____ () C:\Users\Administrator\Downloads\Ivona_Reader_inst_wi_ne.exe
2014-11-03 17:12 - 2014-11-03 19:57 - 1092299089 _____ () C:\Users\Administrator\Downloads\ATT tts setup w audrey voice.rar
2014-11-03 16:18 - 2014-11-16 08:12 - 00017395 _____ () C:\Users\Administrator\Desktop\ABC 1 Page 9 Copy 2.txt
2014-11-03 08:25 - 2014-11-03 08:33 - 231177072 _____ () C:\Users\Administrator\Downloads\PowerDirector_3403_GM7_Patch_Patch_VDE141006-01.exe
2014-11-02 16:09 - 2014-11-12 23:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\CyberLink
2014-11-02 15:57 - 2014-11-02 15:57 - 00002169 _____ () C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
2014-11-02 15:57 - 2014-11-02 15:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2014-11-02 15:31 - 2014-11-02 15:31 - 00002201 _____ () C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
2014-11-02 15:31 - 2014-11-02 15:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
2014-11-02 15:28 - 2014-11-02 15:57 - 00000000 ____D () C:\Program Files\CyberLink
2014-11-02 15:24 - 2014-11-12 23:13 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-02 15:21 - 2014-11-02 15:21 - 00064218 _____ () C:\Users\Administrator\Documents\cc_20141102_142119.reg
2014-11-02 10:22 - 2014-11-02 10:22 - 00680956 _____ ( ) C:\Users\Administrator\Downloads\FreeSoundRecorder(1).exe.part
2014-11-02 09:50 - 2014-11-02 10:00 - 01029080 _____ (CyberLink) C:\Users\Administrator\Downloads\CyberLink_PowerDirector_Downloader.exe
2014-11-02 09:45 - 2014-11-02 09:48 - 00001007 _____ () C:\Users\test\Desktop\CyberLink_update 3625.lnk
2014-11-01 09:56 - 2014-11-01 09:57 - 08857025 _____ () C:\Users\Administrator\Downloads\A Time To Kill Trailer.mp4
2014-10-31 18:04 - 2014-11-12 11:22 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
2014-10-31 18:04 - 2014-10-31 18:04 - 00000000 ____D () C:\ProgramData\eSellerate
2014-10-31 17:46 - 2014-10-31 17:46 - 00039542 _____ () C:\Users\Administrator\Documents\cc_20141031_164610.reg
2014-10-31 16:55 - 2014-11-25 16:02 - 00000000 ____D () C:\Users\Administrator\Downloads\Power Direct
2014-10-29 22:02 - 2014-10-29 22:02 - 00000841 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2014-10-28 11:30 - 2014-10-28 11:30 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Nuance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 16:14 - 2014-10-16 18:42 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-26 15:38 - 2013-03-19 20:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-26 08:50 - 2014-01-25 11:50 - 01509888 ___SH () C:\Users\Administrator\Downloads\Thumbs.db
2014-11-26 08:46 - 2013-08-28 21:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-11-26 08:46 - 2009-07-14 12:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-25 17:41 - 2010-11-21 07:01 - 00785366 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 16:33 - 2013-11-02 21:34 - 01211751 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 16:18 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 16:18 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 16:12 - 2014-10-06 23:00 - 00231868 _____ () C:\Windows\setupact.log
2014-11-25 16:12 - 2014-10-06 22:52 - 00003240 _____ () C:\Windows\errord.log
2014-11-25 16:12 - 2011-05-13 18:15 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-11-25 16:12 - 2009-07-14 14:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 11:11 - 2012-05-14 00:14 - 00000000 ____D () C:\Windows\ERDNT
2014-11-24 22:28 - 2014-10-06 22:52 - 00084060 _____ () C:\Windows\PFRO.log
2014-11-21 10:02 - 2012-01-17 10:50 - 00001007 _____ () C:\Windows\Brpfx04a.ini
2014-11-20 23:28 - 2009-07-14 12:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-20 22:47 - 2009-07-14 12:03 - 69206016 _____ () C:\Windows\system32\config\software.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 24379392 _____ () C:\Windows\system32\config\system.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00786432 _____ () C:\Windows\system32\config\default.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-11-20 22:19 - 2012-08-06 14:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2014-11-20 22:15 - 2013-11-02 20:37 - 00000000 ____D () C:\Users\Administrator
2014-11-20 22:14 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-20 22:13 - 2014-10-06 22:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-11-20 22:13 - 2014-01-26 02:12 - 00000000 ____D () C:\Program Files\TNod User & Password Finder
2014-11-20 22:13 - 2013-11-05 21:59 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-20 22:13 - 2013-11-02 20:37 - 00000000 ____D () C:\Users\test
2014-11-20 22:12 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\registration
2014-11-20 22:06 - 2012-07-26 00:00 - 00942080 ___SH () C:\Users\Administrator\Desktop\Thumbs.db
2014-11-19 17:38 - 2013-11-03 17:00 - 00007613 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2014-11-19 09:51 - 2014-02-27 13:45 - 00015728 _____ () C:\Users\Administrator\Desktop\Provisor.txt
2014-11-18 01:45 - 2014-02-28 10:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-18 01:45 - 2014-02-28 10:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-16 10:19 - 2014-08-29 11:28 - 00000000 ___RD () C:\Users\Administrator\Downloads\Toto-FrancocCiccio
2014-11-16 09:54 - 2014-03-03 17:07 - 00000000 ____D () C:\Windows\Lhsp
2014-11-16 08:51 - 2013-07-19 22:04 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-15 11:06 - 2013-11-03 14:47 - 00141312 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-15 11:03 - 2012-01-20 12:07 - 00000000 ____D () C:\Windows\pss
2014-11-15 10:49 - 2009-07-14 14:33 - 03943296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 10:48 - 2011-04-12 12:24 - 00000000 ____D () C:\Windows\CSC
2014-11-14 18:50 - 2013-11-03 12:31 - 00000000 ____D () C:\Program Files\Software Remove Master
2014-11-14 12:10 - 2009-07-14 12:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-12 23:18 - 2013-11-20 17:15 - 00000564 _____ () C:\Users\Administrator\Downloads\fg.ini
2014-11-12 23:17 - 2014-01-11 00:56 - 00002952 _____ () C:\Windows\Sandboxie.ini
2014-11-12 23:07 - 2014-10-16 23:10 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-11-12 11:22 - 2012-01-17 10:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-11 18:36 - 2013-08-27 22:24 - 00003079 _____ () C:\Users\Administrator\AppData\Roaming\SAS7_000.DAT
2014-11-10 23:08 - 2014-09-14 09:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-11-09 10:38 - 2013-11-02 20:37 - 12845056 _____ () C:\Users\Administrator\ntuser.bak
2014-11-07 01:29 - 2014-03-01 11:06 - 00000000 ____D () C:\Users\Administrator\Downloads\IVONA Voices 2 (1.6.63)
2014-11-06 19:43 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-03 12:34 - 2014-09-22 21:27 - 00000000 ____D () C:\Users\Administrator\Documents\Free Sound Recorder
2014-11-03 08:09 - 2013-11-21 16:37 - 00015682 _____ () C:\Users\Administrator\Downloads\fghelp_en.htm
2014-11-02 16:02 - 2012-07-30 10:34 - 00000056 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_654
2014-11-02 15:58 - 2013-07-19 21:45 - 00000000 ____D () C:\ProgramData\install_clap
2014-10-29 22:03 - 2013-06-24 19:55 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8
2014-10-29 22:02 - 2013-11-13 12:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\gtk-2.0
2014-10-28 13:44 - 2014-03-07 12:58 - 00000000 ____D () C:\Pdfedit
2014-10-28 11:53 - 2014-10-03 13:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Tracker Software
2014-10-28 11:30 - 2013-08-22 12:17 - 00000000 ____D () C:\ProgramData\Nuance
2014-10-28 11:11 - 2013-08-27 10:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nuance

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-25 00:07

==================== End Of Log ============================

#23 OCD

SuperHelper

Malware Team
5,574 posts

Posted 26 November 2014 - 01:08 AM

Hi soloio,

Re-run RogueKiller

Right click and select "Run as Administrator"

Quit all programs
Wait until Prescan has finished ...
Click on Scan.
Wait until the Status box shows "Scan Finished"
Click the Delete button
Wait until the Status box shows "Deleting Finished"
Click the Report button, save the report to your desktop

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2411852452-117403543-12125213-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
EmptyTemp:
CMD: ipconfig /flushdns
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

In your next post please provide the following:

RogueKiller log
Fixlog.txt
How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#24 soloio

Authentic Member

Authentic Member
22 posts

Posted 26 November 2014 - 09:09 AM

HI! OCD

Computer seems to be working without any problems that I can see

When I started FRST as administrator and pressed fix, it worked for a while, I could see the green bar moving then it stopped, it was saying: fixing in progress please wait,

nothing happen some 20 minutes later I press stop to close program, I cannot close and everything is frozen, Ctrl +Alt + Delete did not work, only option press reset button to restart, windows failed to start same as before.

When I start windows I restart FRST tray fix again this time nothing working no green bar across program, everything frozen, I press reset button to restart windows, windows starts normal this time

Very Very Happy Thanks Giving to You and all your Family

Thank You

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
Ran by Administrator at 2014-11-27 00:30:32 Run:4
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2411852452-117403543-12125213-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EmptyTemp:
CMD: ipconfig /flushdns
End
*****************

Processes closed successfully.

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Delete -- Date : 11/26/2014 23:49:09

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys) -> Not selected
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[File.Forged][File] vmci.sys -- C:\Windows\System32\drivers\vmci.sys -> ERROR [32]
[File.Forged][File] vmx_svga.sys -- C:\Windows\System32\drivers\vmx_svga.sys -> ERROR [32]

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 11 (Driver: Loaded) ¤¤¤
[SSDT:Inl(Hook.SSDT)] NtCreateKey[70] : C:\Windows\system32\drivers\aksfridge.sys @ 0x83401fec
[SSDT:Inl(Hook.SSDT)] NtOpenKey[182] : C:\Windows\system32\drivers\aksfridge.sys @ 0x83401ff1
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[IAT:Addr] (explorer.exe @ ole32.dll) msvcrt.dll - free : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x5da21397
[IAT:Addr] (explorer.exe @ MSONSEXT.DLL) pkmws.dll - lstrcmpiW : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x5da21406
[IAT:Addr] (explorer.exe @ MSONSEXT.DLL) MSVCRT.dll - free : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x5da21397

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] 960azfpj.default-1415280631391 : user_pref("network.proxy.type", 2); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] a18f948ffa5e5dc993763a230501d0ce
[BSP] 8b95a0ddf010e8b887848b0879832b80 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 133209 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 272815830 | Size: 172031 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3500418AS ATA Device +++++
--- User ---
[MBR] 321265f0d01ec1e344fdbb91970e4b04
[BSP] 0fff42c49db9c2f21b6204b17c0122e7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476939 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD10EARS-00MVWB0 ATA Device +++++
--- User ---
[MBR] 67879018dc0ab22649e1360e61b35d83
[BSP] 3d90d97cc0f3776d9a2cb4138b5bcc16 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_11262014_162327.log - RKreport_SCN_11262014_234837.log

#25 OCD

SuperHelper

Malware Team
5,574 posts

Posted 26 November 2014 - 09:28 AM

Hi soloio ,

Each time you have to use the reset button to turn off your computer you are potentially causing damage to the system files, which could be contributing to the problems you are encountering.

You need to allow FRST more time to complete it's fix. Please redo the steps from my last post, but with these changes:

Allow FRST to complete
In RogueKiller, click on each tab in the header and ensure each item is selected for removal.

Reboot and post the results.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

Advertisements

Register to Remove

#26 soloio

Authentic Member

Authentic Member
22 posts

Posted 26 November 2014 - 05:50 PM

HI! OCD

Thank you for your time and patience

I have done the steps as requested, In RogueKiller, cheeked each tab and selected each entry for removal.

Start FRST as administrator and run the fix, left computer overnight running FRST fix

Next morning window is frozen, Ctrl + Alt + delete does not work, wherever I press/click noting happens I tried for 2 hour different buttons and waiting to see any changes including inserting different CD in CD Rom drive nothing worked

I had seen somewhere that said when windows freezes to shut down by pressing the start button that I did this time, better or worse. I do not know, windows started normal, no re-boot

I do not usually restart by pressing reset button it is very very rare to do so,

I have done this a few times now that has been freezing up and I do not know what to do when you cannot run task manager and nothing else workers by clicking

I am saying this to give you a better picture and understanding of the situation and what I am doing

Thank You for your help

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Delete -- Date : 11/27/2014 02:22:43

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} -> Deleted
[PUP] HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4} -> Deleted
[PUP] HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> Deleted
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main | Search Page : -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[File.Forged][File] vmci.sys -- C:\Windows\System32\drivers\vmci.sys -> ERROR [32]
[File.Forged][File] vmx_svga.sys -- C:\Windows\System32\drivers\vmx_svga.sys -> ERROR [32]

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Deleted

¤¤¤ Antirootkit : 11 (Driver: Loaded) ¤¤¤
[SSDT:Inl(Hook.SSDT)] NtCreateKey[70] : C:\Windows\system32\drivers\aksfridge.sys @ 0x83407fec
[SSDT:Inl(Hook.SSDT)] NtOpenKey[182] : C:\Windows\system32\drivers\aksfridge.sys @ 0x83407ff1
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\oodisr @ Unknown (\SystemRoot\system32\DRIVERS\oodivd.sys)
[IAT:Addr] (explorer.exe @ ole32.dll) msvcrt.dll - free : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x70961397
[IAT:Addr] (explorer.exe @ MSONSEXT.DLL) pkmws.dll - lstrcmpiW : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x70961406
[IAT:Addr] (explorer.exe @ MSONSEXT.DLL) MSVCRT.dll - free : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x70961397

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] 960azfpj.default-1415280631391 : user_pref("network.proxy.type", 2); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] a18f948ffa5e5dc993763a230501d0ce
[BSP] 8b95a0ddf010e8b887848b0879832b80 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 133209 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 272815830 | Size: 172031 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3500418AS ATA Device +++++
--- User ---
[MBR] 321265f0d01ec1e344fdbb91970e4b04
[BSP] 0fff42c49db9c2f21b6204b17c0122e7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476939 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD10EARS-00MVWB0 ATA Device +++++
--- User ---
[MBR] 67879018dc0ab22649e1360e61b35d83
[BSP] 3d90d97cc0f3776d9a2cb4138b5bcc16 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_11262014_234908.log - RKreport_SCN_11262014_162327.log - RKreport_SCN_11262014_234837.log - RKreport_SCN_11272014_021056.log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
Ran by Administrator at 2014-11-27 03:02:51 Run:5
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2411852452-117403543-12125213-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EmptyTemp:
CMD: ipconfig /flushdns
End
*****************

Processes closed successfully.

#27 OCD

SuperHelper

Malware Team
5,574 posts

Posted 26 November 2014 - 09:41 PM

Hi soloio,

Thank you for the detailed explanation on the restarting process that is sometimes necessary to boot your computer. :thumbup:

I have amended the fixlist.txt, please try running the FRST fix once more.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2411852452-117403543-12125213-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
End

Fixlog.txt
How is the computer running, what issues still remain?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#28 soloio

Authentic Member

Authentic Member
22 posts

Posted 27 November 2014 - 12:54 AM

Started FRST and it updated I run the fix, it took a few seconds and was complete

Computer seems to work OK I haven’t noticed nothing unusual or any problems

Thank you

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Administrator at 2014-11-27 16:44:06 Run:6
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2411852452-117403543-12125213-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
End
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
"HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => Key not found.

==== End of Fixlog ====

#29 OCD

SuperHelper

Malware Team
5,574 posts

Posted 27 November 2014 - 10:04 AM

Hi soloio,

Computer seems to work OK I haven’t noticed nothing unusual or any problems

That's good to hear! :thumbup: But we still have a little bit to do before we are finished, please continue.

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Select Scan tab.
Select type of scan to perform:
- Threat Scan < --- Select this type of scan
- Custom Scan
- Hyper Scan
Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

ESET Online Scanner

*Note:

It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

MBAM log
ESET's log.txt
new FRST.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#30 soloio

Authentic Member

Authentic Member
22 posts

Posted 28 November 2014 - 06:33 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/28/2014
Scan Time: 2:57:04 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.28.02
Rootkit Database: v2014.11.22.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408370
Time Elapsed: 32 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.OutBrowse, C:\Users\Administrator\Downloads\Format Factory Setup.exe, No Action By User, [ce54cf726715ca6cab1c814cab56c838],
PUP.Optional.Amonetize, C:\Users\Administrator\Downloads\FreeSoundRecorder (1).exe.p25xcaq.partial, No Action By User, [988aa0a12b5167cf8e653f0a0005748c],
PUP.Optional.Amonetize, C:\Users\Administrator\Downloads\FreeSoundRecorder(1).exe.part, No Action By User, [bb671e23ea92c6700cebf3d76d9748b8],
PUP.Optional.OneClickDownloader.A, C:\Users\Administrator\Downloads\CyberLink_PowerDirector_Ultimate_12.0.2915.0___Patch.exe, No Action By User, [db4787ba90ec1c1a96c745e8e51cfe02],

Physical Sectors: 0
(No malicious items detected)

(end)

C:\Users\Administrator\Desktop\Alfa R\ESET\ESET ANTIVIRUS 7 x32x64 [HYPERDRIVE25]\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup.exe   a variant of Win32/RiskWare.HackAV.II application   cleaned by deleting - quarantined
C:\Users\Administrator\Desktop\Alfa R\ESET\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup.exe   a variant of Win32/RiskWare.HackAV.II application   cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\CyberLink_PowerDirector_Ultimate_12.0.2915.0___Patch.exe   Win32/AdWare.1ClickDownload.AT application   cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\Format Factory Setup.exe   Win32/OutBrowse.S potentially unwanted application   deleted - quarantined
C:\Users\Administrator\Downloads\FreeSoundRecorder (1).exe.p25xcaq.partial   a variant of Win32/InstallCore.RH potentially unwanted application   deleted - quarantined
D:\Program Files\WinZip Registry Optimizer\Winzipro.exe   a variant of Win32/Systweak potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\cbsidlm-tr1_7-Magical_Jelly_Bean_Keyfinder-ORG2-10079600.exe   Win32/DownloadAdmin.D potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\ANT VIRUS\ESET ANTIVIRUS 7 x32x64 [HYPERDRIVE25]\ESET ANTIVIRUS 7 x32x64 [HYPERDRIVE25]\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup.exe   a variant of Win32/RiskWare.HackAV.II application   cleaned by deleting - quarantined
F:\NEW PROGRAMS\ATTIVATUTTO\keygen vegas & more.exe   a variant of MSIL/Kryptik.IR trojan   cleaned by deleting - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\doxpsetup Document convert.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\insetup EyeLine Surveillance.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\insetup Video surveillance.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\keygen vegas & more.exe   a variant of MSIL/Kryptik.IR trojan   cleaned by deleting - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\vGrabber_convt Video from utube_setup.exe   Win32/Adware.Bundlore application   cleaned by deleting - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\vppsetup (2).exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\vppsetup.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\Adobe Photoshop Lightroom 5 Final Multilanguage_Activation\setup.exe   multiple threats   cleaned by deleting - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\NCH\NCH Express Dictate v5.66 with Key [TorDigger]\edsetup_engl.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\NCH\NCH Express Talk Business Edition v4.28 with Key [TorDigger]\talksetup_engl.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\NCH\NCH RecordPad Sound Recorder v4.18 with key by Senzati\NCH RecordPad Sound Recorder v4.18.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\NCH Doxillion Document Converter v2.08 Beta with Key [TorDigger]\doxpsetup.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\NCH Editor\NCH Prism New Video File Converter v1.61 Dark4m\prismpsetup.exe   a variant of Win32/Toolbar.Conduit.K potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\AUDIO VIDEO\NCH Editor\NCH WavePad Sound Editor Master's Edition 4.40 + Keys [RH]\WavepadSoundEditor.4.40_v4.40.exe   a variant of Win32/Toolbar.Conduit.I potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\NCH Doxillion Document Converter v2.08 Beta with Key [TorDigger]\doxpsetup.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\NCH VideoPad.Video.Editor.Pro.2.40_2\vpsetup.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\OFFICE\classic-menu-for-office-2007-v45_id1047254id.exe   a variant of Win32/MediaGet potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\OFFICE\classicmenuforofficeenterprise2010-setup.exe   Win32/DownloadAdmin.G potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\PDF ADOBE\Adobe Photoshop Lightroom 5 Final Multilanguage_Activation\setup.exe   multiple threats   cleaned by deleting - quarantined
F:\NEW PROGRAMS\PROXY\HSS-3.09-install-e-449-conduit.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined
F:\NEW PROGRAMS\WINDOWS\loader_exe_7_hazar_latest_downloader.exe   Win32/Adware.MediaFinder application   cleaned by deleting - quarantined
G:\BackUp 6 Oct 14\Desktop\Alfa R\ESET\ESET ANTIVIRUS 7 x32x64 [HYPERDRIVE25]\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup.exe   a variant of Win32/RiskWare.HackAV.II application   cleaned by deleting - quarantined
G:\BackUp 6 Oct 14\Desktop\Alfa R\ESET\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup.exe   a variant of Win32/RiskWare.HackAV.II application   cleaned by deleting - quarantined
G:\BackUp 6 Oct 14\Downloads\CyberLink_PowerDirector_Ultimate_12.0.2915.0___Patch (1).exe   Win32/AdWare.1ClickDownload.AW application   cleaned by deleting - quarantined
G:\BackUp 6 Oct 14\Downloads\CyberLink_PowerDirector_Ultimate_12.0.2915.0___Patch.exe   Win32/AdWare.1ClickDownload.AT application   cleaned by deleting - quarantined
G:\BackUp 6 Oct 14\Downloads\Format Factory Setup.exe   Win32/OutBrowse.S potentially unwanted application   deleted - quarantined
G:\BackUp 6 Oct 14\Downloads\NCH Express Dictate v5.66 with Key [TorDigger]\edsetup_engl.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
G:\BackUp 6 Oct 14\Downloads\NCH Express Talk Business Edition v4.28 with Key [TorDigger]\talksetup_engl.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined
G:\BackUp 6 Oct 14\Downloads\NCH RecordPad Sound Recorder v4.18 with key by Senzati\NCH RecordPad Sound Recorder v4.18.exe   a variant of Win32/Toolbar.Conduit.H potentially unwanted application   deleted - quarantined

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by Administrator (administrator) on KHAN on 28-11-2014 22:22:22
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionService.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Synergy\synergyd.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDirector12\PDR12.exe
(CyberLink) C:\Program Files\CyberLink\PowerDirector12\PDHanumanSvr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [~rmvtxrr] => C:\Users\Administrator\Downloads\fg742p.exe [2115360 2013-11-20] (Dynamic Internet Technology, Inc.)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2014-01-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [19049112 2014-07-27] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\OO Software\DiskImage\oodishi.dll (O&O Software GmbH)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x64655607D00AD001
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\960azfpj.default-1415280631391
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin: nuance.com/DragonRIAPlugin -> C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-01-25]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [804528 2011-02-01] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-11-16] (Acronis)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 DisplayFusionService; C:\Program Files\DisplayFusion\DisplayFusionService.exe [5179760 2014-06-18] (Binary Fortress Software)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [310232 2012-07-18] (Nuance Communications, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
S4 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S3 Olympus DVR Service; C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2013-10-03] (OLYMPUS IMAGING CORP.) [File not signed]
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4772144 2013-02-21] (O&O Software GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [131272 2014-01-18] (Sandboxie Holdings, LLC)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [278016 2014-08-21] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121688 2013-07-31] (SlySoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-09-25] (AVG Technologies)
S3 BrSerIf; C:\Windows\System32\Drivers\BrSerIf.sys [52224 2006-12-12] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2006-09-03] (Brother Industries Ltd.) [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-08-15] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-08-15] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-08-15] (ESET)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)
R4 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-28] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-18] () [File not signed]
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25808 2014-03-19] (Microsoft Corporation)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-11-27] (secr9tos) [File not signed]
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [98064 2012-10-24] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [29456 2012-10-24] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [209168 2012-10-24] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [32528 2012-10-24] (O&O Software GmbH)
S3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [20808 2013-11-30] (Christian Gulden)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161888 2014-01-18] (Sandboxie Holdings, LLC)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-11-16] (Acronis)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam.sys [1068216 2011-06-23] (Windows ® Win 7 DDK provider)
S0 hcov; System32\drivers\werlmk.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 22:22 - 2014-11-28 22:22 - 00013467 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-11-28 22:19 - 2014-11-28 22:19 - 00006780 _____ () C:\Users\Administrator\Desktop\ESETScan.txt
2014-11-28 15:48 - 2014-11-28 15:48 - 00001651 _____ () C:\Users\Administrator\Desktop\MBAM scan.txt
2014-11-28 14:56 - 2014-11-28 16:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-28 14:55 - 2014-11-28 14:55 - 00001088 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-28 14:55 - 2014-11-28 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-28 14:55 - 2014-11-28 14:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-28 14:55 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-28 14:50 - 2014-11-28 14:51 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-26 16:12 - 2014-11-26 16:12 - 15196248 _____ () C:\Users\Administrator\Desktop\RogueKiller.exe
2014-11-26 15:38 - 2014-11-26 15:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-26 08:50 - 2014-11-26 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder
2014-11-26 08:49 - 2014-11-26 08:50 - 00000000 ____D () C:\Program Files\Free Sound Recorder
2014-11-26 08:49 - 2006-03-23 12:56 - 00113486 _____ () C:\Windows\system32\NCTWMAProfiles.prx
2014-11-26 08:49 - 2005-05-18 11:52 - 01212416 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioInformation2.dll
2014-11-26 08:49 - 2005-05-17 12:37 - 01986560 _____ (NCT Company Ltd.) C:\Windows\system32\NCTAudioFile2.dll
2014-11-26 08:49 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioRecord2.dll
2014-11-26 08:49 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioPlayer2.dll
2014-11-26 08:49 - 2005-04-15 12:08 - 00880640 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioEditor2.dll
2014-11-26 08:49 - 2005-04-04 17:21 - 00602112 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioTransform2.dll
2014-11-26 08:49 - 2005-03-28 15:54 - 00479232 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioVisualization2.dll
2014-11-26 08:49 - 2005-03-28 15:52 - 00417792 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTTextToAudio2.dll
2014-11-26 08:49 - 2005-02-24 11:51 - 00348160 _____ (NCT Company Ltd.) C:\Windows\system32\NCTWMAFile2.dll
2014-11-26 08:49 - 2004-11-04 13:31 - 00835584 _____ (NCT) C:\Windows\system32\NCTAudioCDGrabber2.dll
2014-11-24 22:39 - 2014-11-24 22:39 - 00415232 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe
2014-11-24 11:55 - 2014-11-24 11:55 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe
2014-11-21 00:18 - 2014-11-27 16:43 - 01109504 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-11-20 23:34 - 2014-11-20 23:34 - 00022618 _____ () C:\ComboFix.txt
2014-11-20 22:25 - 2014-11-20 22:25 - 05598306 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-11-20 08:27 - 2014-11-20 23:34 - 00000000 ____D () C:\Qoobox
2014-11-19 10:15 - 2014-11-21 15:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-19 10:02 - 2014-11-19 10:02 - 00000000 ____D () C:\Users\Administrator\Downloads\mbar-1.08.1.1001
2014-11-19 09:52 - 2014-11-19 09:52 - 14439696 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.08.1.1001.exe
2014-11-19 09:33 - 2014-11-19 09:33 - 00854414 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2014-11-16 16:44 - 2014-11-28 22:22 - 00000000 ____D () C:\FRST
2014-11-16 15:31 - 2014-11-24 21:40 - 00027210 ____H () C:\Users\Administrator\Desktop\~WRL3949.tmp
2014-11-16 15:31 - 2014-11-24 08:51 - 00028867 ____H () C:\Users\Administrator\Desktop\~WRL2694.tmp
2014-11-16 15:31 - 2014-11-22 09:46 - 00026763 ____H () C:\Users\Administrator\Desktop\~WRL1089.tmp
2014-11-16 15:31 - 2014-11-21 17:22 - 00025830 ____H () C:\Users\Administrator\Desktop\~WRL2672.tmp
2014-11-15 16:11 - 2014-11-26 15:15 - 00154112 ____H () C:\Users\Administrator\Desktop\~WRL3325.tmp
2014-11-15 11:33 - 2014-11-27 09:08 - 00001736 _____ () C:\Windows\error.log
2014-11-15 02:39 - 2014-11-15 02:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KHAN-Microsoft-Windows-7-Ultimate-(32-bit).dat
2014-11-15 02:39 - 2014-11-15 02:39 - 00000000 ____D () C:\RegBackup
2014-11-15 00:33 - 2014-11-15 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-15 00:32 - 2014-11-15 00:32 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-14 22:32 - 2014-11-14 22:33 - 01706808 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-11-14 19:10 - 2014-11-14 19:10 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2014-11-14 19:07 - 2014-11-14 19:08 - 02140160 _____ () C:\Users\Administrator\Downloads\AdwCleaner.exe
2014-11-14 19:04 - 2014-11-14 23:02 - 00000000 ____D () C:\AdwCleaner
2014-11-14 13:23 - 2014-11-14 13:24 - 120201976 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2014-11-12 19:04 - 2014-11-12 19:04 - 00013630 _____ () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch.htm
2014-11-12 19:04 - 2014-11-12 19:04 - 00000000 ____D () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch_files
2014-11-12 19:03 - 2014-11-12 19:14 - 22892794 _____ (Audacity Team ) C:\Users\Administrator\Downloads\audacity-win-2.0.6.exe
2014-11-12 18:19 - 2014-11-12 18:19 - 00000000 ____D () C:\Users\Administrator\Documents\2006 FIFA World Cup™
2014-11-12 16:10 - 2014-11-12 16:10 - 00061440 _____ ( ) C:\Users\Administrator\Downloads\VEW.exe
2014-11-12 14:39 - 2014-11-12 14:39 - 00000000 ____D () C:\Program Files\Speccy
2014-11-12 13:15 - 2014-11-12 13:15 - 00000000 ____D () C:\Windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
2014-11-12 13:12 - 2014-11-12 13:19 - 09817304 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-11-12 12:48 - 2014-11-12 12:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle
2014-11-11 17:37 - 2014-11-11 17:37 - 00000288 _____ () C:\Windows\Support.ini
2014-11-11 17:37 - 2014-11-11 17:37 - 00000000 ____D () C:\Program Files\Common Files\Olympus Shared
2014-11-11 17:32 - 2014-11-12 11:12 - 00000000 ____D () C:\Program Files\The FTW Transcriber
2014-11-11 17:32 - 2014-11-11 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The FTW Transcriber
2014-11-11 17:28 - 2014-11-11 17:30 - 24588601 _____ (The Tyger Valley Systems, Inc. ) C:\Users\Administrator\Downloads\FTW Transcribe setup.exe
2014-11-11 17:21 - 2014-11-11 17:21 - 01177930 _____ () C:\Users\Administrator\Downloads\NCH.Express.Scribe.Pro.v5.55.Incl.Keygen-BRD.rar
2014-11-11 12:07 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 11:00 - 2014-11-11 14:46 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk
2014-11-11 09:31 - 2014-11-11 09:31 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-11-11 09:30 - 2014-11-11 09:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVS4YOU
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-11-11 08:27 - 2014-11-20 22:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 23:40 - 2014-11-10 23:41 - 00644160 _____ () C:\Users\Administrator\Downloads\switchsetupSoftonicEN.exe
2014-11-10 16:44 - 2014-11-10 16:45 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2014-11-10 16:40 - 2014-11-10 16:40 - 04578024 _____ (AVG Technologies) C:\Users\Administrator\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2014-11-10 10:01 - 2014-11-10 17:11 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate.lnk
2014-11-09 11:37 - 2014-11-09 11:37 - 13708848 _____ () C:\Users\Administrator\Downloads\SysinternalsSuite(1).zip
2014-11-04 18:35 - 2014-11-04 18:35 - 00000775 _____ () C:\Users\Administrator\Downloads\Drive Update NVIDER.txt
2014-11-04 12:29 - 2014-11-04 12:29 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (3).exe.1pwp9uk.partial
2014-11-04 12:26 - 2014-11-04 12:26 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (2).exe.hjxm4kd.partial
2014-11-04 11:58 - 2014-11-13 14:50 - 00001149 _____ () C:\Windows\~soundrecorder.dat
2014-11-03 23:36 - 2014-11-03 23:36 - 00000951 _____ () C:\Users\Administrator\Desktop\Balabolka.lnk
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\Documents\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Balabolka
2014-11-03 23:35 - 2014-11-03 23:36 - 00000000 ____D () C:\Program Files\Balabolka
2014-11-03 22:42 - 2014-11-03 23:39 - 00000000 ____D () C:\Users\Administrator\Downloads\Speach
2014-11-03 18:01 - 2014-11-03 18:03 - 31079968 _____ () C:\Users\Administrator\Downloads\Ivona_Reader_inst_wi_ne.exe
2014-11-03 17:12 - 2014-11-03 19:57 - 1092299089 _____ () C:\Users\Administrator\Downloads\ATT tts setup w audrey voice.rar
2014-11-03 16:18 - 2014-11-16 08:12 - 00017395 _____ () C:\Users\Administrator\Desktop\ABC 1 Page 9 Copy 2.txt
2014-11-03 08:25 - 2014-11-03 08:33 - 231177072 _____ () C:\Users\Administrator\Downloads\PowerDirector_3403_GM7_Patch_Patch_VDE141006-01.exe
2014-11-02 16:09 - 2014-11-12 23:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\CyberLink
2014-11-02 15:57 - 2014-11-02 15:57 - 00002169 _____ () C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
2014-11-02 15:57 - 2014-11-02 15:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2014-11-02 15:31 - 2014-11-02 15:31 - 00002201 _____ () C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
2014-11-02 15:31 - 2014-11-02 15:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
2014-11-02 15:28 - 2014-11-02 15:57 - 00000000 ____D () C:\Program Files\CyberLink
2014-11-02 15:24 - 2014-11-12 23:13 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-02 15:21 - 2014-11-02 15:21 - 00064218 _____ () C:\Users\Administrator\Documents\cc_20141102_142119.reg
2014-11-02 10:22 - 2014-11-02 10:22 - 00680956 _____ ( ) C:\Users\Administrator\Downloads\FreeSoundRecorder(1).exe.part
2014-11-02 09:50 - 2014-11-02 10:00 - 01029080 _____ (CyberLink) C:\Users\Administrator\Downloads\CyberLink_PowerDirector_Downloader.exe
2014-11-02 09:45 - 2014-11-02 09:48 - 00001007 _____ () C:\Users\test\Desktop\CyberLink_update 3625.lnk
2014-11-01 09:56 - 2014-11-01 09:57 - 08857025 _____ () C:\Users\Administrator\Downloads\A Time To Kill Trailer.mp4
2014-10-31 18:04 - 2014-11-12 11:22 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
2014-10-31 18:04 - 2014-10-31 18:04 - 00000000 ____D () C:\ProgramData\eSellerate
2014-10-31 17:46 - 2014-10-31 17:46 - 00039542 _____ () C:\Users\Administrator\Documents\cc_20141031_164610.reg
2014-10-31 16:55 - 2014-11-25 16:02 - 00000000 ____D () C:\Users\Administrator\Downloads\Power Direct
2014-10-29 22:02 - 2014-10-29 22:02 - 00000841 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 19:42 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 19:42 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-28 16:02 - 2014-01-25 22:35 - 00000000 ____D () C:\Program Files\ESET
2014-11-28 15:20 - 2013-11-02 21:34 - 01446401 _____ () C:\Windows\WindowsUpdate.log
2014-11-28 14:55 - 2014-07-12 10:17 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-11-28 14:55 - 2013-11-08 12:26 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-11-28 14:55 - 2013-11-08 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-27 21:54 - 2014-03-03 17:07 - 00000000 ____D () C:\Windows\Lhsp
2014-11-27 21:50 - 2010-11-21 07:01 - 00785366 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-27 09:11 - 2013-03-19 20:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-27 09:08 - 2014-10-06 23:00 - 00247468 _____ () C:\Windows\setupact.log
2014-11-27 09:08 - 2014-10-06 22:52 - 00003375 _____ () C:\Windows\errord.log
2014-11-27 09:08 - 2011-05-13 18:15 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-11-27 09:08 - 2009-07-14 14:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-27 02:44 - 2012-07-26 00:00 - 00944128 ___SH () C:\Users\Administrator\Desktop\Thumbs.db
2014-11-27 02:04 - 2014-10-16 18:42 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-27 00:22 - 2014-10-06 22:52 - 00087418 _____ () C:\Windows\PFRO.log
2014-11-26 21:18 - 2012-09-20 10:14 - 00000000 ____D () C:\Users\Administrator\Desktop\NewNow
2014-11-26 17:52 - 2013-07-08 10:06 - 00000000 ____D () C:\Users\Administrator\Desktop\Tempo Video
2014-11-26 16:36 - 2013-11-03 17:00 - 00007613 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2014-11-26 08:50 - 2014-01-25 11:50 - 01509888 ___SH () C:\Users\Administrator\Downloads\Thumbs.db
2014-11-26 08:46 - 2013-08-28 21:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-11-26 08:46 - 2009-07-14 12:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-25 11:11 - 2012-05-14 00:14 - 00000000 ____D () C:\Windows\ERDNT
2014-11-21 10:02 - 2012-01-17 10:50 - 00001007 _____ () C:\Windows\Brpfx04a.ini
2014-11-20 23:28 - 2009-07-14 12:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-20 22:47 - 2009-07-14 12:03 - 69206016 _____ () C:\Windows\system32\config\software.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 24379392 _____ () C:\Windows\system32\config\system.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00786432 _____ () C:\Windows\system32\config\default.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-11-20 22:19 - 2012-08-06 14:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2014-11-20 22:15 - 2013-11-02 20:37 - 00000000 ____D () C:\Users\Administrator
2014-11-20 22:14 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-20 22:13 - 2014-10-06 22:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-11-20 22:13 - 2014-01-26 02:12 - 00000000 ____D () C:\Program Files\TNod User & Password Finder
2014-11-20 22:13 - 2013-11-05 21:59 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-20 22:13 - 2013-11-02 20:37 - 00000000 ____D () C:\Users\test
2014-11-20 22:12 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\registration
2014-11-19 09:51 - 2014-02-27 13:45 - 00015728 _____ () C:\Users\Administrator\Desktop\Provisor.txt
2014-11-18 01:45 - 2014-02-28 10:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-18 01:45 - 2014-02-28 10:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-16 10:19 - 2014-08-29 11:28 - 00000000 ___RD () C:\Users\Administrator\Downloads\Toto-FrancocCiccio
2014-11-16 08:51 - 2013-07-19 22:04 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-15 11:06 - 2013-11-03 14:47 - 00141312 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-15 11:03 - 2012-01-20 12:07 - 00000000 ____D () C:\Windows\pss
2014-11-15 10:49 - 2009-07-14 14:33 - 03943296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 10:48 - 2011-04-12 12:24 - 00000000 ____D () C:\Windows\CSC
2014-11-14 18:50 - 2013-11-03 12:31 - 00000000 ____D () C:\Program Files\Software Remove Master
2014-11-14 12:10 - 2009-07-14 12:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-12 23:18 - 2013-11-20 17:15 - 00000564 _____ () C:\Users\Administrator\Downloads\fg.ini
2014-11-12 23:17 - 2014-01-11 00:56 - 00002952 _____ () C:\Windows\Sandboxie.ini
2014-11-12 23:07 - 2014-10-16 23:10 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-11-12 11:22 - 2012-01-17 10:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-11 18:36 - 2013-08-27 22:24 - 00003079 _____ () C:\Users\Administrator\AppData\Roaming\SAS7_000.DAT
2014-11-10 23:08 - 2014-09-14 09:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-11-09 10:38 - 2013-11-02 20:37 - 12845056 _____ () C:\Users\Administrator\ntuser.bak
2014-11-07 01:29 - 2014-03-01 11:06 - 00000000 ____D () C:\Users\Administrator\Downloads\IVONA Voices 2 (1.6.63)
2014-11-06 19:43 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-03 12:34 - 2014-09-22 21:27 - 00000000 ____D () C:\Users\Administrator\Documents\Free Sound Recorder
2014-11-03 08:09 - 2013-11-21 16:37 - 00015682 _____ () C:\Users\Administrator\Downloads\fghelp_en.htm
2014-11-02 16:02 - 2012-07-30 10:34 - 00000056 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_654
2014-11-02 15:58 - 2013-07-19 21:45 - 00000000 ____D () C:\ProgramData\install_clap
2014-10-29 22:03 - 2013-06-24 19:55 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8
2014-10-29 22:02 - 2013-11-13 12:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\gtk-2.0

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-25 00:07

==================== End Of Log ============================

Body Background

skin color theme

Is It a Backdoor.Win32 [Solved]

#16 soloio

Advertisements

Register to Remove

#17 OCD

#18 soloio

#19 OCD

#20 soloio

#21 OCD

#22 soloio

#23 OCD

#24 soloio

#25 OCD

Advertisements

Register to Remove

#26 soloio

#27 OCD

#28 soloio

#29 OCD

#30 soloio

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

Is It a Backdoor.Win32 [Solved]

#16 soloio

Advertisements Register to Remove

#17 OCD

#18 soloio

#19 OCD

#20 soloio

#21 OCD

#22 soloio

#23 OCD

#24 soloio

#25 OCD

Advertisements Register to Remove

#26 soloio

#27 OCD

#28 soloio

#29 OCD

#30 soloio

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove