
Is It a Backdoor.Win32 [Solved]

Am I infected with a virus?

  • This topic is locked
42 replies to this topic

#31 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 November 2014 - 11:43 AM

Hi soloio,

VirusTotal

Please go to: VirusTotal

  • Click the Browse button and search for the following file: C:\Users\Administrator\Downloads\fg742p.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

=========================

TFC

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
    • Vista, Windows 7 & 8 Right click and select "Run as Administrator"
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt


Start
C:\Users\Administrator\Downloads\Format Factory Setup.exe
C:\Users\Administrator\Downloads\FreeSoundRecorder (1).exe.p25xcaq.partial
C:\Users\Administrator\Downloads\FreeSoundRecorder(1).exe.part
C:\Users\Administrator\Downloads\CyberLink_PowerDirector_Ultimate_12.0.2915.0___Patch.exe
CMD: ipconfig /flushdns
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:
  • Virus Total results
  • Fixlog.txt
  • How is the computer running, any issues remaining?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#32 soloio

soloio

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 28 November 2014 - 07:26 PM

HI! OCD

 

file: C:\Users\Administrator\Downloads\fg742p.exe

I HAVE NOT scanned for this file. (please read on)

 

About  D I T – Dynamic Internet Technology

http://us.dongtaiwang.com/home_en.php

also known as DYNAWEB, I have used some time to hide my IP when surfing to avoid malware as it changes IP address, I believe it does not install, I have removed it for your peace of mind

 

I do not see any problems or anything unusual with computer

 

About: mbam setup, the Malwarebytes downloaded for scanning in your previous post, How I revert to my original program? Can I Re-install Malwarebytes as previously, it is not that important and I can wait if it is better to finish this first.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Administrator at 2014-11-29 11:19:35 Run:7
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
C:\Users\Administrator\Downloads\Format Factory Setup.exe
C:\Users\Administrator\Downloads\FreeSoundRecorder (1).exe.p25xcaq.partial
C:\Users\Administrator\Downloads\FreeSoundRecorder(1).exe.part
C:\Users\Administrator\Downloads\CyberLink_PowerDirector_Ultimate_12.0.2915.0___Patch.exe
CMD: ipconfig /flushdns
End
*****************

C:\Users\Administrator\Downloads\Format Factory Setup.exe => Moved successfully.
C:\Users\Administrator\Downloads\FreeSoundRecorder (1).exe.p25xcaq.partial => Moved successfully.
C:\Users\Administrator\Downloads\FreeSoundRecorder(1).exe.part => Moved successfully.
C:\Users\Administrator\Downloads\CyberLink_PowerDirector_Ultimate_12.0.2915.0___Patch.exe => Moved successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog ====
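
A check a helper can run on a returned Fixlog.txt, added here as an example; it is not part of the original posts and not FRST's own code. It compares the fixlist echoed in the log with the result lines and reports anything that was not moved, has no result line, or whose CMD section is absent. The sample log is constructed from the layout above; the two example-* paths, the EXAMPLE-FAILURE-STATUS string and the function names are assumptions.

```python
import re

# Constructed sample in the Fixlog layout shown above. The two example-* paths
# and the EXAMPLE-FAILURE-STATUS string are made up to exercise the failure
# branches; they are not real FRST output.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Administrator at 2014-11-29 11:19:35 Run:7

==============================================

Content of fixlist:
*****************
Start
C:\Users\Administrator\Downloads\Format Factory Setup.exe
C:\Users\Administrator\Downloads\FreeSoundRecorder(1).exe.part
C:\Users\Administrator\Downloads\example-locked.exe
C:\Users\Administrator\Downloads\example-skipped.exe
CMD: ipconfig /flushdns
End
*****************

C:\Users\Administrator\Downloads\Format Factory Setup.exe => Moved successfully.
C:\Users\Administrator\Downloads\FreeSoundRecorder(1).exe.part => Moved successfully.
C:\Users\Administrator\Downloads\example-locked.exe => EXAMPLE-FAILURE-STATUS

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

==== End of Fixlog ====
"""

RESULT_RE = re.compile(r"^(?P<item>.+?) => (?P<status>.+)$")   # "<path> => <status>"
CMD_HEADER_RE = re.compile(r"^=+\s+(?P<cmd>.+?)\s+=+$")        # "=====  <command> ====="


def parse_fixlist(lines):
    """Return (directives, index of the first line after 'End') for the echoed fixlist."""
    directives, started = [], False
    for i, line in enumerate(lines):
        s = line.strip()
        if not started:
            started = (s == "Start")
        elif s == "End":
            return directives, i + 1
        elif s:
            directives.append(s)
    raise ValueError("no complete Start/End fixlist block found in log")


def audit_fixlog(text):
    """Match every fixlist directive against the result section of the log."""
    lines = text.splitlines()
    directives, body_start = parse_fixlist(lines)

    # Scan only the part after the echoed fixlist, so directives are never
    # mistaken for their own results.
    results, commands = {}, set()
    for line in lines[body_start:]:
        s = line.strip()
        m = CMD_HEADER_RE.match(s)
        if m:
            commands.add(m.group("cmd").lower())
            continue
        m = RESULT_RE.match(s)
        if m:
            # Windows paths are case-insensitive, so key on the lowered path.
            results[m.group("item").lower()] = m.group("status")

    report = {"moved": [], "failed": {}, "missing": [], "cmd_not_run": []}
    for d in directives:
        if d.upper().startswith("CMD:"):
            cmd = d[4:].strip()
            if cmd.lower() not in commands:
                report["cmd_not_run"].append(cmd)
            continue
        status = results.get(d.lower())
        if status is None:
            report["missing"].append(d)          # listed, but no result line at all
        elif status.startswith("Moved successfully"):
            report["moved"].append(d)
        else:
            report["failed"][d] = status         # any other status needs a second look
    return report


def fix_complete(report):
    """True only when every directive has a successful result."""
    return not (report["failed"] or report["missing"] or report["cmd_not_run"])


if __name__ == "__main__":
    rep = audit_fixlog(SAMPLE_FIXLOG)
    for key, value in rep.items():
        print(key, "->", value)
    print("fix complete:", fix_complete(rep))
```
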



#33 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 November 2014 - 08:37 PM

Hi soloio,
 

About: mbam setup, the Malwarebytes downloaded for scanning in your previous post, How I revert to my original program? Can I Re-install Malwarebytes as previously, it is not that important and I can wait if it is better to finish this first.


Do you have two instances of MBAM installed?

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Select the Addition box
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days



#34 soloio

soloio

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 29 November 2014 - 01:10 AM

HI! OCD

When I downloaded mbam setup to scan computer it has taken over the Malwarebytes program I had, it is showing the same window that I scanned with,  it is protecting the system like before, no problems there just the same window to scan.

PS it may have uninstalled my previous program?

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by Administrator (administrator) on KHAN on 29-11-2014 17:04:57
Running from C:\Users\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: test & Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Synergy\synergyd.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDirector12\PDR12.exe
(CyberLink) C:\Program Files\CyberLink\PowerDirector12\PDHanumanSvr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [~rmvtxrr] => C:\Users\Administrator\Downloads\fg742p.exe
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2014-01-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2411852452-117403543-12125213-500\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [19049112 2014-07-27] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\OO Software\DiskImage\oodishi.dll (O&O Software GmbH)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x64655607D00AD001
HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\960azfpj.default-1415280631391
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin: nuance.com/DragonRIAPlugin -> C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-01-25]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [804528 2011-02-01] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-11-16] (Acronis)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 DisplayFusionService; C:\Program Files\DisplayFusion\DisplayFusionService.exe [5179760 2014-06-18] (Binary Fortress Software)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [310232 2012-07-18] (Nuance Communications, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
S4 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Olympus DVR Service; C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2013-10-03] (OLYMPUS IMAGING CORP.) [File not signed]
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4772144 2013-02-21] (O&O Software GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [131272 2014-01-18] (Sandboxie Holdings, LLC)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [278016 2014-08-21] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121688 2013-07-31] (SlySoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-09-25] (AVG Technologies)
S3 BrSerIf; C:\Windows\System32\Drivers\BrSerIf.sys [52224 2006-12-12] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2006-09-03] (Brother Industries Ltd.) [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-08-15] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-08-15] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-08-15] (ESET)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-18] () [File not signed]
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25808 2014-03-19] (Microsoft Corporation)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-11-29] (secr9tos) [File not signed]
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [98064 2012-10-24] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [29456 2012-10-24] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [209168 2012-10-24] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [32528 2012-10-24] (O&O Software GmbH)
S3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [20808 2013-11-30] (Christian Gulden)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161888 2014-01-18] (Sandboxie Holdings, LLC)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-11-16] (Acronis)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam.sys [1068216 2011-06-23] (Windows ® Win 7 DDK provider)
S0 hcov; System32\drivers\werlmk.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 17:04 - 2014-11-29 17:05 - 00013716 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-11-29 10:09 - 2014-11-29 10:10 - 00448512 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\TFC(1).exe
2014-11-28 14:56 - 2014-11-29 11:27 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-28 14:55 - 2014-11-28 14:55 - 00001088 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-28 14:55 - 2014-11-28 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-28 14:55 - 2014-11-28 14:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-28 14:55 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-28 14:50 - 2014-11-28 14:51 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-26 16:12 - 2014-11-26 16:12 - 15196248 _____ () C:\Users\Administrator\Desktop\RogueKiller.exe
2014-11-26 15:38 - 2014-11-26 15:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-26 08:50 - 2014-11-26 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder
2014-11-26 08:49 - 2014-11-26 08:50 - 00000000 ____D () C:\Program Files\Free Sound Recorder
2014-11-26 08:49 - 2006-03-23 12:56 - 00113486 _____ () C:\Windows\system32\NCTWMAProfiles.prx
2014-11-26 08:49 - 2005-05-18 11:52 - 01212416 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioInformation2.dll
2014-11-26 08:49 - 2005-05-17 12:37 - 01986560 _____ (NCT Company Ltd.) C:\Windows\system32\NCTAudioFile2.dll
2014-11-26 08:49 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioRecord2.dll
2014-11-26 08:49 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioPlayer2.dll
2014-11-26 08:49 - 2005-04-15 12:08 - 00880640 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioEditor2.dll
2014-11-26 08:49 - 2005-04-04 17:21 - 00602112 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioTransform2.dll
2014-11-26 08:49 - 2005-03-28 15:54 - 00479232 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTAudioVisualization2.dll
2014-11-26 08:49 - 2005-03-28 15:52 - 00417792 _____ (Online Media Technologies Ltd.) C:\Windows\system32\NCTTextToAudio2.dll
2014-11-26 08:49 - 2005-02-24 11:51 - 00348160 _____ (NCT Company Ltd.) C:\Windows\system32\NCTWMAFile2.dll
2014-11-26 08:49 - 2004-11-04 13:31 - 00835584 _____ (NCT) C:\Windows\system32\NCTAudioCDGrabber2.dll
2014-11-24 22:39 - 2014-11-24 22:39 - 00415232 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe
2014-11-24 11:55 - 2014-11-24 11:55 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe
2014-11-21 00:18 - 2014-11-27 16:43 - 01109504 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-11-20 23:34 - 2014-11-20 23:34 - 00022618 _____ () C:\ComboFix.txt
2014-11-20 22:25 - 2014-11-20 22:25 - 05598306 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-11-20 08:27 - 2014-11-20 23:34 - 00000000 ____D () C:\Qoobox
2014-11-19 10:15 - 2014-11-21 15:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-19 10:02 - 2014-11-19 10:02 - 00000000 ____D () C:\Users\Administrator\Downloads\mbar-1.08.1.1001
2014-11-19 09:52 - 2014-11-19 09:52 - 14439696 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.08.1.1001.exe
2014-11-19 09:33 - 2014-11-19 09:33 - 00854414 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2014-11-16 16:44 - 2014-11-29 17:05 - 00000000 ____D () C:\FRST
2014-11-16 15:31 - 2014-11-29 12:43 - 00028472 ____H () C:\Users\Administrator\Desktop\~WRL2652.tmp
2014-11-16 15:31 - 2014-11-24 21:40 - 00027210 ____H () C:\Users\Administrator\Desktop\~WRL3949.tmp
2014-11-16 15:31 - 2014-11-24 08:51 - 00028867 ____H () C:\Users\Administrator\Desktop\~WRL2694.tmp
2014-11-16 15:31 - 2014-11-22 09:46 - 00026763 ____H () C:\Users\Administrator\Desktop\~WRL1089.tmp
2014-11-16 15:31 - 2014-11-21 17:22 - 00025830 ____H () C:\Users\Administrator\Desktop\~WRL2672.tmp
2014-11-15 11:33 - 2014-11-29 11:12 - 00001860 _____ () C:\Windows\error.log
2014-11-15 02:39 - 2014-11-15 02:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KHAN-Microsoft-Windows-7-Ultimate-(32-bit).dat
2014-11-15 02:39 - 2014-11-15 02:39 - 00000000 ____D () C:\RegBackup
2014-11-15 00:33 - 2014-11-15 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-15 00:32 - 2014-11-15 00:32 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-14 22:32 - 2014-11-14 22:33 - 01706808 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-11-14 19:10 - 2014-11-14 19:10 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2014-11-14 19:07 - 2014-11-14 19:08 - 02140160 _____ () C:\Users\Administrator\Downloads\AdwCleaner.exe
2014-11-14 19:04 - 2014-11-14 23:02 - 00000000 ____D () C:\AdwCleaner
2014-11-14 13:23 - 2014-11-14 13:24 - 120201976 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2014-11-12 19:04 - 2014-11-12 19:04 - 00013630 _____ () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch.htm
2014-11-12 19:04 - 2014-11-12 19:04 - 00000000 ____D () C:\Users\Administrator\Downloads\Convert recorded audio to text _ Level Up Lunch_files
2014-11-12 19:03 - 2014-11-12 19:14 - 22892794 _____ (Audacity Team ) C:\Users\Administrator\Downloads\audacity-win-2.0.6.exe
2014-11-12 18:19 - 2014-11-12 18:19 - 00000000 ____D () C:\Users\Administrator\Documents\2006 FIFA World Cup™
2014-11-12 16:10 - 2014-11-12 16:10 - 00061440 _____ ( ) C:\Users\Administrator\Downloads\VEW.exe
2014-11-12 14:39 - 2014-11-12 14:39 - 00000000 ____D () C:\Program Files\Speccy
2014-11-12 13:12 - 2014-11-12 13:19 - 09817304 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-11-12 12:48 - 2014-11-12 12:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle
2014-11-11 17:37 - 2014-11-11 17:37 - 00000288 _____ () C:\Windows\Support.ini
2014-11-11 17:37 - 2014-11-11 17:37 - 00000000 ____D () C:\Program Files\Common Files\Olympus Shared
2014-11-11 17:32 - 2014-11-12 11:12 - 00000000 ____D () C:\Program Files\The FTW Transcriber
2014-11-11 17:32 - 2014-11-11 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The FTW Transcriber
2014-11-11 17:28 - 2014-11-11 17:30 - 24588601 _____ (The Tyger Valley Systems, Inc. ) C:\Users\Administrator\Downloads\FTW Transcribe setup.exe
2014-11-11 17:21 - 2014-11-11 17:21 - 01177930 _____ () C:\Users\Administrator\Downloads\NCH.Express.Scribe.Pro.v5.55.Incl.Keygen-BRD.rar
2014-11-11 12:07 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 11:00 - 2014-11-11 14:46 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk
2014-11-11 09:31 - 2014-11-11 09:31 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-11-11 09:30 - 2014-11-11 09:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVS4YOU
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-11-11 09:29 - 2014-11-12 13:36 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-11-11 08:27 - 2014-11-20 22:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 23:40 - 2014-11-10 23:41 - 00644160 _____ () C:\Users\Administrator\Downloads\switchsetupSoftonicEN.exe
2014-11-10 16:44 - 2014-11-10 16:45 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2014-11-10 16:40 - 2014-11-10 16:40 - 04578024 _____ (AVG Technologies) C:\Users\Administrator\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2014-11-10 10:01 - 2014-11-10 17:11 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate.lnk
2014-11-09 11:37 - 2014-11-09 11:37 - 13708848 _____ () C:\Users\Administrator\Downloads\SysinternalsSuite(1).zip
2014-11-04 18:35 - 2014-11-04 18:35 - 00000775 _____ () C:\Users\Administrator\Downloads\Drive Update NVIDER.txt
2014-11-04 12:29 - 2014-11-04 12:29 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (3).exe.1pwp9uk.partial
2014-11-04 12:26 - 2014-11-04 12:26 - 00000000 _____ () C:\Users\Administrator\Downloads\FreeSoundRecorder (2).exe.hjxm4kd.partial
2014-11-04 11:58 - 2014-11-13 14:50 - 00001149 _____ () C:\Windows\~soundrecorder.dat
2014-11-03 23:36 - 2014-11-03 23:36 - 00000951 _____ () C:\Users\Administrator\Desktop\Balabolka.lnk
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\Documents\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2014-11-03 23:36 - 2014-11-03 23:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Balabolka
2014-11-03 23:35 - 2014-11-03 23:36 - 00000000 ____D () C:\Program Files\Balabolka
2014-11-03 22:42 - 2014-11-03 23:39 - 00000000 ____D () C:\Users\Administrator\Downloads\Speach
2014-11-03 18:01 - 2014-11-03 18:03 - 31079968 _____ () C:\Users\Administrator\Downloads\Ivona_Reader_inst_wi_ne.exe
2014-11-03 17:12 - 2014-11-03 19:57 - 1092299089 _____ () C:\Users\Administrator\Downloads\ATT tts setup w audrey voice.rar
2014-11-03 16:18 - 2014-11-16 08:12 - 00017395 _____ () C:\Users\Administrator\Desktop\ABC 1 Page 9 Copy 2.txt
2014-11-03 08:25 - 2014-11-03 08:33 - 231177072 _____ () C:\Users\Administrator\Downloads\PowerDirector_3403_GM7_Patch_Patch_VDE141006-01.exe
2014-11-02 16:09 - 2014-11-12 23:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\CyberLink
2014-11-02 15:57 - 2014-11-02 15:57 - 00002169 _____ () C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
2014-11-02 15:57 - 2014-11-02 15:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2014-11-02 15:31 - 2014-11-02 15:31 - 00002201 _____ () C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
2014-11-02 15:31 - 2014-11-02 15:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
2014-11-02 15:28 - 2014-11-02 15:57 - 00000000 ____D () C:\Program Files\CyberLink
2014-11-02 15:24 - 2014-11-12 23:13 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-02 15:21 - 2014-11-02 15:21 - 00064218 _____ () C:\Users\Administrator\Documents\cc_20141102_142119.reg
2014-11-02 09:50 - 2014-11-02 10:00 - 01029080 _____ (CyberLink) C:\Users\Administrator\Downloads\CyberLink_PowerDirector_Downloader.exe
2014-11-02 09:45 - 2014-11-02 09:48 - 00001007 _____ () C:\Users\test\Desktop\CyberLink_update 3625.lnk
2014-11-01 09:56 - 2014-11-01 09:57 - 08857025 _____ () C:\Users\Administrator\Downloads\A Time To Kill Trailer.mp4
2014-10-31 18:04 - 2014-11-12 11:22 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
2014-10-31 18:04 - 2014-10-31 18:04 - 00000000 ____D () C:\ProgramData\eSellerate
2014-10-31 17:46 - 2014-10-31 17:46 - 00039542 _____ () C:\Users\Administrator\Documents\cc_20141031_164610.reg
2014-10-31 16:55 - 2014-11-25 16:02 - 00000000 ____D () C:\Users\Administrator\Downloads\Power Direct

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 15:41 - 2014-01-25 11:50 - 01509888 ___SH () C:\Users\Administrator\Downloads\Thumbs.db
2014-11-29 11:20 - 2013-03-19 20:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-29 11:17 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 11:17 - 2009-07-14 14:34 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 11:16 - 2010-11-21 07:01 - 00785366 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-29 11:15 - 2013-11-02 21:34 - 01509491 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 11:12 - 2014-10-06 23:00 - 00252668 _____ () C:\Windows\setupact.log
2014-11-29 11:12 - 2014-10-06 22:52 - 00088028 _____ () C:\Windows\PFRO.log
2014-11-29 11:12 - 2014-10-06 22:52 - 00003402 _____ () C:\Windows\errord.log
2014-11-29 11:12 - 2011-05-13 18:15 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-11-29 11:12 - 2009-07-14 14:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 09:58 - 2014-02-27 13:45 - 00015885 _____ () C:\Users\Administrator\Desktop\Provisor.txt
2014-11-29 09:07 - 2013-11-08 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-28 16:02 - 2014-01-25 22:35 - 00000000 ____D () C:\Program Files\ESET
2014-11-28 14:55 - 2013-11-08 12:26 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-11-27 21:54 - 2014-03-03 17:07 - 00000000 ____D () C:\Windows\Lhsp
2014-11-27 02:44 - 2012-07-26 00:00 - 00944128 ___SH () C:\Users\Administrator\Desktop\Thumbs.db
2014-11-27 02:04 - 2014-10-16 18:42 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-26 21:18 - 2012-09-20 10:14 - 00000000 ____D () C:\Users\Administrator\Desktop\NewNow
2014-11-26 17:52 - 2013-07-08 10:06 - 00000000 ____D () C:\Users\Administrator\Desktop\Tempo Video
2014-11-26 16:36 - 2013-11-03 17:00 - 00007613 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2014-11-26 08:46 - 2013-08-28 21:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-11-26 08:46 - 2009-07-14 12:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-25 11:11 - 2012-05-14 00:14 - 00000000 ____D () C:\Windows\ERDNT
2014-11-21 10:02 - 2012-01-17 10:50 - 00001007 _____ () C:\Windows\Brpfx04a.ini
2014-11-20 23:28 - 2009-07-14 12:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-20 22:47 - 2009-07-14 12:03 - 69206016 _____ () C:\Windows\system32\config\software.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 24379392 _____ () C:\Windows\system32\config\system.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00786432 _____ () C:\Windows\system32\config\default.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-20 22:47 - 2009-07-14 12:03 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-11-20 22:19 - 2012-08-06 14:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2014-11-20 22:15 - 2013-11-02 20:37 - 00000000 ____D () C:\Users\Administrator
2014-11-20 22:14 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-20 22:13 - 2014-10-06 22:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-11-20 22:13 - 2014-01-26 02:12 - 00000000 ____D () C:\Program Files\TNod User & Password Finder
2014-11-20 22:13 - 2013-11-05 21:59 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-20 22:13 - 2013-11-02 20:37 - 00000000 ____D () C:\Users\test
2014-11-20 22:12 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\registration
2014-11-18 01:45 - 2014-02-28 10:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-18 01:45 - 2014-02-28 10:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-16 10:19 - 2014-08-29 11:28 - 00000000 ___RD () C:\Users\Administrator\Downloads\Toto-FrancocCiccio
2014-11-16 08:51 - 2013-07-19 22:04 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-15 11:06 - 2013-11-03 14:47 - 00141312 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-15 11:03 - 2012-01-20 12:07 - 00000000 ____D () C:\Windows\pss
2014-11-15 10:49 - 2009-07-14 14:33 - 03943296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 10:48 - 2011-04-12 12:24 - 00000000 ____D () C:\Windows\CSC
2014-11-14 18:50 - 2013-11-03 12:31 - 00000000 ____D () C:\Program Files\Software Remove Master
2014-11-14 12:10 - 2009-07-14 12:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-12 23:17 - 2014-01-11 00:56 - 00002952 _____ () C:\Windows\Sandboxie.ini
2014-11-12 23:07 - 2014-10-16 23:10 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-11-12 11:22 - 2012-01-17 10:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-11 18:36 - 2013-08-27 22:24 - 00003079 _____ () C:\Users\Administrator\AppData\Roaming\SAS7_000.DAT
2014-11-10 23:08 - 2014-09-14 09:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-11-09 10:38 - 2013-11-02 20:37 - 12845056 _____ () C:\Users\Administrator\ntuser.bak
2014-11-07 01:29 - 2014-03-01 11:06 - 00000000 ____D () C:\Users\Administrator\Downloads\IVONA Voices 2 (1.6.63)
2014-11-06 19:43 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-03 12:34 - 2014-09-22 21:27 - 00000000 ____D () C:\Users\Administrator\Documents\Free Sound Recorder
2014-11-02 16:02 - 2012-07-30 10:34 - 00000056 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_654
2014-11-02 15:58 - 2013-07-19 21:45 - 00000000 ____D () C:\ProgramData\install_clap

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 00:07

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01
Ran by Administrator at 2014-11-29 17:06:18
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2411852452-117403543-12125213-500\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Acronis True Image Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 10 (HKLM\...\AU10_is1) (Version: 10 - Innovative Solutions)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.3.0.0 - SlySoft)
Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.1.9.000 - Asmedia Technology)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AZARDI (HKLM\...\AZARDI_is1) (Version:  - Infogrid Pacific Pte. Ltd.)
Balabolka (HKLM\...\Balabolka) (Version: 2.10.0.575 - Ilya Morozov)
Brother MFL-Pro Suite MFC-790CW (HKLM\...\{D9461574-5FC0-4641-BBDC-D1038B196F55}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Classic Menu for Office Enterprise 2010 and 2013 v5.85 (HKLM\...\{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1) (Version: 5.85 - Addintools)
Contents (Version: 16.0.0.106 - Corel Corporation) Hidden
Corel VideoStudio Ultimate X6 (HKLM\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.0.0.106 - Corel Corporation)
CyberLink PowerDirector 12 (HKLM\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3403.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayFusion 6.0 (HKLM\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 6.0.0.0 - Binary Fortress Software)
Dragon NaturallySpeaking 12 (HKLM\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET NOD32 Antivirus (HKLM\...\{6DCA86D6-F197-41B7-BD33-43E32A15A41E}) (Version: 7.0.302.0 - ESET, spol s r. o.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Free Sound Recorder v9.7.5 (HKLM\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2014 FreeSoundRecorder Technologies, Inc.)
Freeware PDF Unlocker (HKLM\...\{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}) (Version: 1.0.4 - SMTguru)
Garmin Communicator Plugin (HKLM\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
HashCalc 2.02 (HKLM\...\HashCalc_is1) (Version:  - SlavaSoft Inc.)
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
ICA (Version: 16.0.0.106 - Corel Corporation) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IPM_VS_Pro (Version: 16.0 - Corel Corporation) Hidden
ISO Recorder (HKLM\...\{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}) (Version: 3.0.0 - Alex Feinman)
Jasc Paint Shop Pro 9 (HKLM\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
L&H TTS3000 Italiano (HKLM\...\LHTTSITI) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
MPC-HC 1.7.6 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Nero 12 (HKLM\...\{D529E699-7753-46E7-8B73-C5556EF5B486}) (Version: 12.0.03500 - Nero AG)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
O&O DiskImage Professional (HKLM\...\{2AAD066E-698F-48A1-A7D0-0B5701DCAF2C}) (Version: 7.0.144 - O&O Software GmbH)
OlympusCodecs (HKLM\...\{9599AA83-D20B-45E1-819A-5EFD6AFED2BE}) (Version: 1.0.1 - Olympus)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdfedit (HKLM\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version:  - )
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Sandboxie 4.08 (32-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Setup (Version: 16.0.0.106 - Corel Corporation) Hidden
Share (Version: 16.0.0.106 - Corel Corporation) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Remove Master v5.0.1.3 (HKLM\...\Software Remove Master_is1) (Version:  - CareWindows)
SoulSeek 157 NS 13e (HKLM\...\Soulseek2) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synergy (32-bit) (HKLM\...\{48C4B49D-F876-4969-BF74-319EF3601A35}) (Version: 1.5.1 - The Synergy Project)
The FTW Transcriber version 3.1 (HKLM\...\{D27CDB6E-AE6D-11cf-96B8-444553540000}_is1) (Version: 3.1 - The Tyger Valley Systems, Inc.)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Ultimate Paint 2.88 Freeware Edition (HKLM\...\UP286_is1) (Version: 2.88 - J-T-L Development)
Universal Document Converter Server Edition (HKLM\...\Universal Document Converter_is1) (Version: 5.3 - fCoder Group, Inc.)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VSClassic (Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (Version: 16.0.0.106 - Corel Corporation) Hidden
VSUltimate (Version: 16.0.0.106 - Corel Corporation) Hidden
VT-Bridget-M16-SAPI5 (HKLM\...\{C4367E67-52FE-45C6-889C-F48CE7883CA8}) (Version: 3.11.1.0 - VW)
VT-Julie-M16-SAPI5 (HKLM\...\{C496F7CD-ED09-4D8D-872E-3470D4717714}) (Version:  - )
VT-Kate-M16-SAPI5 (HKLM\...\{9FAD67A7-3A4E-4754-AAC4-0397F370611D}) (Version:  - )
VT-Paul-M16-SAPI5 (HKLM\...\{942DF6BD-E4F2-4915-B4FB-09C02B71284F}) (Version:  - )
Welcome App (Start-up experience) (Version: 12.0.15000 - Nero AG) Hidden
Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows Driver Package - Nokia Modem  (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WordPerfect Office X6 - Common Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (Version: 16.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (Version: 16.0 -  Corel Corporation) Hidden
WordPerfect Office X6 (HKLM\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.318 - Corel Corporation)
WordPerfect Office X6 (Version: 16.0 - Corel Corporation) Hidden
Youtube Downloader HD v. 2.9.6 (HKLM\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-11-2014 01:45:05 Malwarebytes Anti-Rootkit Restore Point
24-11-2014 02:21:22 OTL Restore Point - 11/24/2014 12:21:19 PM
26-11-2014 07:37:20 Installed Eternal Love_16_9

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-30 10:34 - 2014-11-27 02:22 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05CA6C9D-7CCC-428E-914C-F01421A85CBE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {08038180-7575-4743-AA20-957747EA1DF7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0A897EC5-DB50-4E03-BBE3-D57A5A794189} - System32\Tasks\{2C3F50B1-D54D-40CA-992C-830EB5627BDF} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {10EF8F74-69C8-4E4F-BA9B-5DD716CE1EB4} - System32\Tasks\{3DCA905C-CBBF-424C-B155-5B0162A152CF} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {178909FA-264A-49EC-8FF2-9C56A9B13A2A} - System32\Tasks\{742B0DA6-B0BA-407B-AD13-2EF45C8B5136} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {19460C60-1E2E-4918-94E0-D512C0E5756F} - System32\Tasks\{61D2098D-AB2E-4155-BBA6-7175DCC19796} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {1BF0892A-A768-4CE9-8296-BD0AF0E558DC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1D7F019C-D419-49C7-BAA0-A577C33B19D2} - System32\Tasks\{FF074E76-79B5-407D-A341-07E6BACAC239} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {1F4B18E4-27FA-4888-8A92-440059244BC2} - System32\Tasks\{C27BEF35-AF2F-476D-A7BB-2D58CADB4917} => C:\3COM\UPDTMDM\UPDTMDM.EXE [1998-06-06] ()
Task: {215EBB15-4A20-4933-A901-C46A6D3B1991} - System32\Tasks\{97E53D3C-1CE8-43C9-9697-2354A5E7825F} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {28455495-D1FC-4558-B070-A172B5334163} - System32\Tasks\{92123959-9F6E-472B-9509-79B7C22FE5A1} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {2FB16726-0240-4074-A381-4DA5AC038384} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {31CFD816-5E6E-4F8E-B71B-2F6344CDA3D7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3967B16F-08ED-4990-9728-2855AA26C8D3} - System32\Tasks\{C49E02A8-FD5A-45A2-ABA7-BD66E3C3D11D} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {3A82721C-EA39-4C5C-A69A-93943D12BF94} - System32\Tasks\{77975FFD-B173-4AF2-9A64-88D2367B638D} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {3AE87692-B99B-436C-8320-9FC7ABBADC3D} - System32\Tasks\{19747C34-5D7E-4DBB-8F29-E0CA714F7341} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {3EE8C6D0-1AAC-4ADE-A363-A2DC7FC8AA98} - System32\Tasks\{96E49231-874F-45BB-8C30-8177DF641A49} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {4389A372-FC61-40B0-85C6-475415D624A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {456C2A4E-9180-4F04-9560-3E28BB018C68} - System32\Tasks\{70259839-3263-4456-B23D-D5F4D1BE7C16} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {47939221-4A52-4194-B085-AEB2A6C2103D} - System32\Tasks\{5BE0F675-129F-4995-8F06-03EF74B0F692} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {498FCE60-CBFB-49F4-B48A-B54F9194969F} - System32\Tasks\{D09C7287-B757-40E0-9BAB-29FB2DBBA8FE} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {4F43426A-4609-4EAB-A61C-7A5DF5B99125} - System32\Tasks\{858FB472-5CEA-4FBD-9E72-65DEC715A7C5} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {528711F2-1C72-448D-B5EF-37927EADCC31} - System32\Tasks\{F2848B54-0B33-4407-AA89-F92FC745D459} => C:\Program Files\Microsoft Office 2003 MultiLang\Microsoft Office Word 2003.exe
Task: {56410E59-C3B1-40F8-B0FD-674254FBA0E7} - System32\Tasks\{F12BB17B-8534-4DF4-9B6F-3E475FFDE5B8} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {56DBD133-FF99-443B-B8AC-3ECC426B958F} - System32\Tasks\{598A64E4-9B31-4706-8E5E-1DE0A59292E0} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {5ADDB58B-CD32-4C7A-8C67-0F33C2AFEB36} - System32\Tasks\{26F8E065-2C28-4787-8086-ADFEA2845C6F} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\New 13 -10- 13\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable 11 in 1 SP2 MultiLang - The11thMtnDiv.msi"
Task: {5EE847CB-FE75-4CF1-BED6-837AC7159F2D} - System32\Tasks\{8EA4414C-54BF-4BB7-A44E-9BC521BDBF4A} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {67F58E9F-0BE3-4687-A0CB-793072C765CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C2214C5-1FB9-4BF9-AB41-F112C323F6AE} - System32\Tasks\{80F3845C-3C92-4898-A9FF-0B5EE604DF07} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {6F868CB2-B24A-4870-B985-C710DDCDC3DF} - System32\Tasks\{7F916CCC-7C8F-478B-918C-C6D255DF3C96} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {759A20CA-2CC1-463C-AB2B-5F20ECA69237} - System32\Tasks\{B5CEC5F3-64B5-4680-9DBB-B24E00ED9E93} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {7BAEB8C8-16A9-4298-B4B6-FFFF2392075A} - System32\Tasks\{2B5DC53E-0AB1-4FD5-8376-F45831513321} => G:\Programs\A0184583.exe [2005-04-01] ()
Task: {7D614EE3-9D66-423F-88D0-D80F9C23C979} - System32\Tasks\{57E60407-B0FB-4D1B-A1C4-5157608AB94C} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {82BF0377-0F7E-46FD-B45F-93885DF2B269} - System32\Tasks\{D92EDE2F-6ECB-46C4-AF2C-088BB3266C49} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv.msi"
Task: {8958F3FB-5EC7-4C63-A8DE-994597FE8189} - System32\Tasks\{D3D4DB0C-580C-46D9-89E1-68B5B9259E28} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {91D6F716-06D8-4DE8-9FF0-8B38127F071F} - System32\Tasks\{0884BF43-CAEA-4028-8EF9-6A43F9CBAF4B} => C:\Program Files\Microsoft Office 2003 MultiLang\Microsoft Office Word 2003.exe
Task: {955F58A1-9B56-4134-8B00-E6A24D152E65} - System32\Tasks\RMSmartUpdate => C:\Program Files\Registry Mechanic\update.exe
Task: {9A3EED12-48B7-4FDE-89E1-211C2A81374F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9A8DEEF7-5879-417B-8910-817C62E257AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {9ABF9E49-9B3F-404E-ACE9-EFD7E06AAAD1} - System32\Tasks\NCH Software\ExpressSevenDays => C:\Program Files\NCH Software\Express\Express.exe
Task: {AA318FA1-575A-463F-800F-6EC8A9EE1A5B} - System32\Tasks\{72F5C9F6-BF43-44FA-9C9B-1A414EA26E18} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {B238A0AF-4B8B-4A9D-BB66-143A4F70B525} - System32\Tasks\{8821CE3A-A714-4E0B-A8B5-EC7D64AD924C} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {B4CDFFB2-7FA3-4BFC-BA1B-C987763795D5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B56E7DDF-9ADE-44EA-8840-2D695C4A8E60} - System32\Tasks\{43022584-1FB3-433D-9BAE-856426CFDAD2} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {B8F2760C-C46E-4C21-92A2-6557BB1FD4D3} - System32\Tasks\{24586FE0-83FE-4FFF-A59B-8D6F461E0ADB} => msiexec.exe /package "F:\NEW PROGRAMS\OFFICE\New 13 -10- 13\Microsoft Office 2003 Pro Portable MultiLang - The11thMtnDiv\Microsoft Office 2003 Pro Portable 11 in 1 SP2 MultiLang - The11thMtnDiv.msi"
Task: {CB4AE861-A16A-4CDA-B2C8-24CC42C82E9E} - System32\Tasks\{8D73619E-884E-4B2A-8690-FD2E6744D2B1} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {CC1103FC-DB87-4860-9806-36E7FBAF2877} - System32\Tasks\{2F4F007B-B337-4BAA-8835-96B7597EEF1B} => C:\Program Files\RapidComm\RAPIDCOM.EXE
Task: {CDB8BC96-F444-4126-B8E6-6CA7B495D9F8} - System32\Tasks\{2D8604A9-1DAA-4D11-8018-32C0E45AC2A0} => C:\Program Files\VW\VT\Julie\M16-SAPI5\lib\UserDicEng.exe [2009-04-17] ()
Task: {D29B7288-C0C9-4911-B299-CF880AC73D80} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D41851D3-61ED-48E6-A243-9D9E3328A3BE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KHAN-Administrator Khan => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {D536B505-EAD3-40B0-B781-AE2AE206BB2D} - System32\Tasks\{253E0BCE-68AC-4F7D-93E9-5435C5EE38F9} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {E0776124-DEBD-4C63-8257-342A6D883336} - System32\Tasks\{6A9758CB-785E-439C-9C1B-2238CECA5BF2} => C:\3COM\UPDTMDM\UPDTMDM.EXE [1998-06-06] ()
Task: {E4E34B87-A337-4D5C-A121-49066069A29C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EAFB4792-2E9F-4098-AF9B-6700216F9A04} - System32\Tasks\{37343038-3FED-49FC-A743-8DDDFE16F4F7} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)
Task: {F929BE73-A7C9-4DD4-AF4D-892ED5933594} - System32\Tasks\{575ED30B-3D7F-46C2-B023-637056BFF346} => C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
Task: {FBCBC6EF-D7CE-4A65-B778-D35411F56594} - System32\Tasks\{4B12E91A-5B39-42C5-B438-D29669D9D6C1} => C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2013-11-02 20:36 - 2013-01-31 19:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-11-02 15:57 - 2012-08-08 22:36 - 00254552 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-11-02 15:57 - 2012-08-08 22:36 - 00037392 ____N () C:\Program Files\Cyberlink\Shared files\RichVideops.dll
2014-08-21 18:20 - 2014-08-21 18:20 - 00278016 _____ () C:\Program Files\Synergy\synergyd.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-11-08 00:38 - 2012-02-29 00:23 - 00051200 _____ () C:\Program Files\Classic Menu for Office\armaccess.dll
2014-11-11 08:27 - 2014-11-11 08:27 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-18 01:45 - 2014-11-18 01:45 - 16840880 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll
2013-10-23 15:11 - 2013-10-23 15:11 - 00866056 _____ () C:\Program Files\CyberLink\PowerDirector12\runtime\misc\UNO.dll
2014-09-25 15:45 - 2014-09-25 15:45 - 01659352 _____ () C:\Program Files\CyberLink\PowerDirector12\Language\ENU\PDrt.dll
2012-08-01 12:07 - 2012-08-01 12:07 - 00249344 _____ () C:\Program Files\CyberLink\PowerDirector12\runtime\mediacache\libebml.dll
2012-08-01 12:07 - 2012-08-01 12:07 - 00548352 _____ () C:\Program Files\CyberLink\PowerDirector12\runtime\mediacache\libmatroska.dll
2013-07-18 22:24 - 2013-07-18 22:24 - 00165848 _____ () C:\Program Files\CyberLink\PowerDirector12\CLVistaAudioMixer.dll
2013-09-17 15:40 - 2013-09-17 15:40 - 00196360 _____ () C:\Program Files\CyberLink\PowerDirector12\HanumanCache.dll
2013-08-15 14:28 - 2013-08-15 14:28 - 00082432 ____N () C:\Program Files\CyberLink\Shared files\PlugIn\NewBlue\NewBlue_PlugIn_VideoEssentials2Bundle.dll
2013-08-15 14:28 - 2013-08-15 14:28 - 19355136 ____N () C:\Program Files\CyberLink\Shared files\PlugIn\NewBlue\NewBlueVideoEssentials2Bundle.dll
2013-08-15 14:32 - 2013-08-15 14:32 - 00403456 ____N () C:\Program Files\CyberLink\Shared files\PlugIn\NewBlue\NewBlueResourcesNew32.dll
2013-08-15 14:32 - 2013-08-15 14:32 - 00082432 ____N () C:\Program Files\CyberLink\Shared files\PlugIn\NewBlue\NewBlue_PlugIn_VideoEssentials3Bundle.dll
2013-08-15 14:33 - 2013-08-15 14:33 - 20718592 ____N () C:\Program Files\CyberLink\Shared files\PlugIn\NewBlue\NewBlueVideoEssentials3Bundle.dll
2013-08-15 14:24 - 2013-08-15 14:24 - 00082432 ____N () C:\Program Files\CyberLink\Shared files\PlugIn\NewBlue\NewBlue_PlugIn_VideoEssentialsBundle.dll
2014-06-24 18:52 - 2014-06-24 18:52 - 01878792 _____ () C:\Program Files\CyberLink\PowerDirector12\runtime\authoring\AuroraU.dll
2013-07-18 22:24 - 2013-07-18 22:24 - 00018392 _____ () C:\Program Files\CyberLink\PowerDirector12\CESdlls\S3Dutility.dll
2012-02-20 19:38 - 2012-02-20 19:38 - 00208659 _____ () C:\Program Files\Win7codecs\filters\avutil-lav-51.dll
2012-02-20 19:38 - 2012-02-20 19:38 - 06426793 _____ () C:\Program Files\Win7codecs\filters\avcodec-lav-54.dll
2012-02-20 19:38 - 2012-02-20 19:38 - 00369109 _____ () C:\Program Files\Win7codecs\filters\swscale-lav-2.dll
2012-02-20 19:38 - 2012-02-20 19:38 - 00142647 _____ () C:\Program Files\Win7codecs\filters\avfilter-lav-2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A5C00DEE
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AJTBBNQOH => 3
MSCONFIG\Services: DXDXHUUIPT => 3
MSCONFIG\Services: ESZIRRKTB => 3
MSCONFIG\Services: GHEXLJESSYJZJFFD => 3
MSCONFIG\Services: GIFNPEGD => 3
MSCONFIG\Services: HNFOEA => 3
MSCONFIG\Services: IPYGNV => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: YBYFGZAO => 3
MSCONFIG\startupfolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-2411852452-117403543-12125213-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2411852452-117403543-12125213-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2411852452-117403543-12125213-1025 - Limited - Enabled)
test (S-1-5-21-2411852452-117403543-12125213-1023 - Administrator - Enabled) => C:\Users\test
UpdatusUser (S-1-5-21-2411852452-117403543-12125213-1026 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2014 00:52:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/27/2014 07:34:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/27/2014 07:06:12 PM) (Source: MsiInstaller) (EventID: 10005) (User: KHAN)
Description: Product: AT&T Labs' Natural Voices - Audrey 16k 1.4 (Desktop) -- The operating system is not adequate for running AT&T Labs' Natural Voices - Audrey 16k 1.4 (Desktop).

Error: (11/26/2014 11:37:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 10.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14268

Start Time: 01d0097dc274d97b

Termination Time: 0

Application Path: C:\Users\Administrator\Desktop\RogueKiller.exe

Report Id:

Error: (11/26/2014 05:57:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11e90

Start Time: 01d0094e67c7da57

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (11/26/2014 04:10:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 10.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10670

Start Time: 01d0093d90c12ed3

Termination Time: 0

Application Path: C:\Users\Administrator\Desktop\RogueKiller.exe

Report Id:

Error: (11/26/2014 03:55:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 10.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 103dc

Start Time: 01d0093b32a92e6f

Termination Time: 16

Application Path: C:\Users\Administrator\Desktop\RogueKiller.exe

Report Id:

Error: (11/26/2014 02:20:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/25/2014 00:12:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/23/2014 01:13:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (11/29/2014 11:12:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hcov

Error: (11/29/2014 11:12:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (11/29/2014 10:15:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/27/2014 09:09:27 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (11/27/2014 09:09:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hcov

Error: (11/27/2014 09:09:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (11/27/2014 09:08:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:53:04 AM on ‎11/‎27/‎2014 was unexpected.

Error: (11/27/2014 08:37:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (11/27/2014 08:36:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (11/27/2014 08:36:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.


Microsoft Office Sessions:
=========================
Error: (08/29/2013 01:42:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.1000496960

Error: (07/29/2013 04:20:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 3Microsoft Office PowerPoint12.0.6600.100012.0.6612.100028941320

Error: (05/23/2013 05:51:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6668.500012.0.6612.100069484080

Error: (11/07/2012 05:42:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.101423820

Error: (11/05/2012 07:02:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.10142594585760

Error: (07/30/2012 11:03:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6661.500012.0.6612.1000375300

Error: (07/14/2012 04:56:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6661.500012.0.6612.1000690403180

Error: (06/06/2012 10:13:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 1Microsoft Office Excel12.0.6661.500012.0.6612.1000470

Error: (02/02/2012 10:09:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.1014648300


CodeIntegrity Errors:
===================================
  Date: 2014-10-15 04:12:37.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.383
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:12:37.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 04:09:02.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 54%
Total physical RAM: 3070.49 MB
Available physical RAM: 1393.17 MB
Total Pagefile: 6139.27 MB
Available Pagefile: 3254.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:168 GB) (Free:50.94 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:130.09 GB) (Free:42.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (1TERA_10GB) (Fixed) (Total:931.51 GB) (Free:375.51 GB) NTFS
Drive g: (320D500GB) (Fixed) (Total:465.76 GB) (Free:216.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: BFBBC8F1)
Partition 1: (Active) - (Size=130.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=168 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 33091F32)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A4FE0168)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#35 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 29 November 2014 - 09:26 AM

Hi soloio,
 

When I downloaded mbam setup to scan computer it has taken over the Malwarebytes program I had, it is showing the same window that I scanned with, it is protecting the system like before, no problems there just the same window to scan.

PS it may have uninstalled my previous program?


I'm not sure I understand why you want to revert back to an earlier version of MBAM.

Malwarebytes Anti-Malware version 1.61.0.1400 - old
Malwarebytes Anti-Malware version 2.0.3.1025 - new


How is the computer running?
 




#36 soloio

soloio

    Authentic Member

  • Authentic Member
  • 22 posts

Posted 29 November 2014 - 05:56 PM

HI! OCD

About mbam setup to scan computer

 

I did not realize that it was the new version of Malwarebytes

I told this program was just for scanning and got me confused

Sorry for confusing you too!

 

As for the computer, I do not see any problems or noticed anything not working properly for what I know.

Thank you



#37 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 29 November 2014 - 11:44 PM

Hi soloio,

Test the computer for a day or two. If everything seems fine after that time, we will clean up the tools we used and get you on your way.


#38 soloio

soloio

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 30 November 2014 - 07:19 PM

OK

Thank You



#39 soloio

soloio

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 03 December 2014 - 07:30 AM

Hi! OCD

Thank You for your help and support. You have done a great job.

I have used the computer for a while and I do not see any problems.

I believe that we can finish and clean up as you mentioned, so please tell me how you suggest I do it.

Thank You



#40 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 December 2014 - 09:24 AM

Hi soloio ,

We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = = = = = = = = = = = =

Remove Disinfection Tools
  • Download Delfix
  • Tick the following boxes:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
  • Click Run
  • Any other tools and files found can simply be deleted or uninstalled via the Control Panel.
= = = = = = = = = = = = = = = = = = = =


With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate windows and frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever-increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

To help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent - install this program to lock down and prevent crypto-ransomware

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
  • Green should be good to go
  • Yellow for caution
  • Red to stop
= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.
  • Windows XP:
    Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
    If you are running Windows XP, please take the time to read the information provided at these links.
  • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
  • Windows 8: Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.
Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice, "So how did I get infected in the first place?"

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.
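
The Internet Explorer hardening steps in the post above can also be checked from a script. This is an added example, not part of the original post or of any tool used in the thread. The registry path and the numeric URL action names are not given in the thread: they are the standard per-user values for the Internet zone (zone 3), where 0 means Enable, 1 means Prompt and 3 means Disable.

```powershell
# Added example: audit the five Internet-zone settings recommended in the post,
# and write them for the current user only when -Apply is given.
# Note: settings pushed by Group Policy can override these per-user values.
param(
    [switch]$Apply
)

# Per-user security settings for the Internet zone (zone 3).
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Policy values used by the zone settings.
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The settings from the post, keyed by URL action number.
$recommended = @(
    [pscustomobject]@{ Action = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    [pscustomobject]@{ Action = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    [pscustomobject]@{ Action = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    [pscustomobject]@{ Action = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    [pscustomobject]@{ Action = '1607'; Want = 1; Setting = 'Navigate windows and frames across different domains' }
)

$report = foreach ($r in $recommended) {
    # A missing value means the zone falls back to its template default.
    $prop = Get-ItemProperty -Path $zoneKey -Name $r.Action -ErrorAction SilentlyContinue

    $current = $null
    $currentText = 'not set'
    if ($prop) {
        $current = [int]$prop.($r.Action)
        if ($label.ContainsKey($current)) {
            $currentText = $label[$current]
        } else {
            $currentText = '0x{0:X}' -f $current
        }
    }

    [pscustomobject]@{
        Action    = $r.Action
        Setting   = $r.Setting
        Current   = $currentText
        Wanted    = $label[$r.Want]
        Want      = $r.Want
        Compliant = ($current -eq $r.Want)
    }
}

$report | Format-Table Action, Setting, Current, Wanted, Compliant -AutoSize

if ($Apply) {
    foreach ($row in $report) {
        if (-not $row.Compliant) {
            Set-ItemProperty -Path $zoneKey -Name $row.Action -Value $row.Want -Type DWord
            Write-Output ("Set {0} ({1}) to {2}" -f $row.Action, $row.Setting, $row.Wanted)
        }
    }
}
```

Run it without arguments to get a report only; the changes take effect in Internet Explorer windows opened after `-Apply` has been used.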



#41 soloio

soloio

    Authentic Member

  • Authentic Member
  • 22 posts

Posted 04 December 2014 - 04:41 PM

Hi! OCD. Thank You very very much for your help. You have done a great job. I am very pleased with your help. I do apologize for making it harder for you and the time taken to complete. I am very satisfied and I cannot thank you enough. We can now mark this as resolved. Thank You very much.

#42 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 December 2014 - 08:19 PM

You're quite welcome! Glad I could be of assistance. :)




#43 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 December 2014 - 08:20 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
