Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer is slow, delayed clicks, delayed opening and closing programs, video is


  • This topic is locked This topic is locked
24 replies to this topic

#1 yarlac

yarlac

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 11 April 2015 - 09:07 PM

FSRT Result

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015
Ran by Ray (administrator) on RAY-PC on 11-04-2015 16:48:52
Running from C:\Users\Ray\Desktop
Loaded Profiles: Ray (Available profiles: Ray)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Answers Corporation) C:\Program Files (x86)\1-Click Answers\answers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Answers Corporation) C:\Program Files (x86)\1-Click Answers\agtserv.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-21] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-08] (Nero AG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-22] (Google Inc.)
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1-Click Answers.lnk
ShortcutTarget: 1-Click Answers.lnk -> C:\Program Files (x86)\1-Click Answers\answers.exe (Answers Corporation)
Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2513221048-3415156607-3463013705-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-2513221048-3415156607-3463013705-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

FireFox:
========
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Extension: Video DownloadHelper - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\5qy3311k.default-1428294898362\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-04-06]

Chrome:
=======
CHR Profile: C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2007-12-06] (ABBYY (BIT Software))
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 16:48 - 2015-04-11 16:51 - 00017436 _____ () C:\Users\Ray\Desktop\FRST.txt
2015-04-11 16:48 - 2015-04-11 16:49 - 00000000 ____D () C:\FRST
2015-04-11 16:47 - 2015-04-11 16:47 - 02095616 _____ (Farbar) C:\Users\Ray\Desktop\FRST64.exe
2015-04-10 23:19 - 2015-04-10 23:19 - 02217984 _____ () C:\Users\Ray\Desktop\adwcleaner_4.201.exe
2015-04-10 22:00 - 2015-04-10 21:59 - 00000000 ____D () C:\Users\Ray\Desktop\Process Explorer (Microsoft)
2015-04-05 22:39 - 2015-04-05 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-04 17:30 - 2015-04-04 17:30 - 00000000 _____ () C:\Users\Ray\Desktop\New Text Document.txt
2015-04-02 22:32 - 2015-04-02 22:31 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-02 22:30 - 2015-04-02 22:30 - 00000000 ____D () C:\Program Files\Java
2015-04-02 22:27 - 2015-04-02 17:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-02 02:43 - 2015-04-02 02:43 - 00016212 _____ () C:\ComboFix.txt
2015-04-01 03:08 - 2015-04-01 03:09 - 00000000 ____D () C:\ProgramData\Sophos
2015-04-01 03:06 - 2015-04-01 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-04-01 03:05 - 2015-04-01 03:05 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-03-31 22:11 - 2015-03-31 22:11 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-RAY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-03-31 22:10 - 2015-03-31 22:10 - 00000000 ____D () C:\RegBackup
2015-03-31 09:52 - 2015-03-31 14:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-31 09:51 - 2015-03-31 09:52 - 159686448 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_online.exe
2015-03-31 00:58 - 2015-03-31 00:58 - 00000000 ____D () C:\Program Files\ConvertHelper3
2015-03-29 20:37 - 2015-03-29 20:37 - 00852607 _____ () C:\Users\Ray\Desktop\SecurityCheck.exe
2015-03-28 00:30 - 2015-03-28 00:30 - 00000000 ____D () C:\Users\Ray\Documents\OneNote Notebooks

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 16:46 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 16:46 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 16:11 - 2014-07-06 01:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 16:08 - 2012-12-12 02:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 16:05 - 2012-12-12 02:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-11 12:24 - 2009-07-13 21:51 - 00143996 _____ () C:\Windows\setupact.log
2015-04-11 11:44 - 2012-11-02 02:38 - 02021556 _____ () C:\Windows\WindowsUpdate.log
2015-04-11 10:54 - 2012-12-12 02:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 10:53 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 23:21 - 2013-08-23 06:50 - 00000000 ____D () C:\AdwCleaner
2015-04-10 01:09 - 2012-12-11 13:56 - 00000000 ____D () C:\Users\Ray\Documents\My PSP8 Files
2015-04-09 22:54 - 2009-07-13 22:13 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-07 08:57 - 2012-12-13 15:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-06 04:31 - 2012-12-17 18:28 - 00000000 ____D () C:\Users\Ray\dwhelper
2015-04-05 21:35 - 2013-07-16 01:26 - 00000000 ____D () C:\Users\Ray\Desktop\Old Firefox Data
2015-04-02 22:28 - 2014-07-07 08:06 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-02 17:45 - 2014-07-07 08:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-02 11:33 - 2013-08-21 12:06 - 00425904 _____ () C:\Windows\PFRO.log
2015-04-02 02:43 - 2012-12-10 01:45 - 00000000 ____D () C:\Qoobox
2015-04-02 02:38 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-02 02:21 - 2014-12-20 15:23 - 05617096 ____R (Swearware) C:\Users\Ray\Desktop\ComboFix.exe
2015-03-31 20:15 - 2009-07-13 22:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-31 10:30 - 2012-12-25 03:23 - 00000000 ____D () C:\Users\Ray\AppData\Local\CrashDumps
2015-03-30 01:30 - 2014-08-09 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-26 09:37 - 2014-07-06 01:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-26 09:37 - 2013-08-23 05:05 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-23 22:03 - 2013-09-25 22:59 - 00000064 _____ () C:\Users\Ray\AppData\Roaming\default.pls
2015-03-18 15:48 - 2012-12-27 04:48 - 00007680 _____ () C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-17 11:57 - 2013-07-10 21:08 - 00000000 ____D () C:\Ray's HD 175 SINCE TRANSFER
2015-03-17 09:31 - 2013-09-25 12:59 - 00000069 _____ () C:\Windows\NeroDigital.ini
2015-03-17 06:15 - 2014-07-06 01:31 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-06 01:31 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2013-08-23 05:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 01:21 - 2014-08-23 18:32 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\uTorrent

==================== Files in the root of some directories =======

2014-11-29 13:30 - 2014-11-29 13:30 - 0000288 _____ () C:\Users\Ray\AppData\Roaming\.backup.dm
2013-09-25 22:59 - 2015-03-23 22:03 - 0000064 _____ () C:\Users\Ray\AppData\Roaming\default.pls
2012-12-27 04:48 - 2015-03-18 15:48 - 0007680 _____ () C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-14 02:43 - 2013-08-14 02:46 - 0000173 _____ () C:\Users\Ray\AppData\Local\msmathematics.qat.Ray

Some content of TEMP:
====================
C:\Users\Ray\AppData\Local\Temp\Quarantine.exe
C:\Users\Ray\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 00:12

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015
Ran by Ray at 2015-04-11 16:56:56
Running from C:\Users\Ray\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
1-Click Answers (HKLM-x32\...\1-Click Answers) (Version:  - )
ABBYY FineReader 9.0 Professional Edition (HKLM-x32\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.724.5507 - ABBYY)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.2 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Game Console (x32 Version:  - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Applian FLV Player (HKLM-x32\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barnes & Noble Desktop Reader (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.21 - Barnesandnoble.com)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )
Canon MG2100 series On-screen Manual (HKLM-x32\...\Canon MG2100 series On-screen Manual) (Version:  - )
Canon MG2100 series User Registration (HKLM-x32\...\Canon MG2100 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\Canon PhotoStitch 3.1) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DiskAid 5.01 (HKLM-x32\...\DiskAid_is1) (Version: 5.01 - DigiDNA)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elcomsoft Wireless Security Auditor (HKLM-x32\...\{77BFC300-FFBB-4841-8A55-CAB7BAC68422}) (Version: 4.0.211.448 - Elcomsoft Co. Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Freecorder extension for Firefox (HKLM-x32\...\Freecorder extension for Firefox) (Version: 7.0.0.13 - Applian Technologies, Inc.) <==== ATTENTION
Freeraser (HKLM-x32\...\Freeraser) (Version: 1.0.0.23 - Codyssey.com)
GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 3.64.000 - Runtime Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HandBrake Packages (HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\HandBrake Packages) (Version:  - ) <==== ATTENTION
HL-2240D (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\...\Juniper_Setup_Client) (Version: 7.3.5.34907 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nero 8 (HKLM-x32\...\{D6C9AF27-9414-46C8-B9D8-D878BA041033}) (Version: 8.3.314 - Nero AG)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Sierra I6 (HKLM-x32\...\Sierra I6) (Version: 6.0 - Sierra Bullets)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
WiFi ReHacker version 1.1 (HKLM-x32\...\{C8B4A547-DE2B-4424-8819-09724C15EAA6}_is1) (Version: 1.1 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wise Data Recovery 3.36 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.36 - WiseCleaner.com, Inc.)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-04-2015 09:34:37 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-03-27 23:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {22039382-177A-413C-85B2-859CEE1C5C0A} - System32\Tasks\{C903FE96-3879-4532-877B-61E03AEAD146} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero Web\SetupX.exe" -d "C:\Program Files (x86)\Common Files\Nero\Nero Web" -c -ScParameter=65  MODE="update"
Task: {298DC440-1973-4E5D-985F-2407AF5B8A2C} - System32\Tasks\{5D373DCD-EEF2-41C9-97C9-0FD77E5F8E82} => pcalua.exe -a "E:\Ray's Files 2013.3 (YM) forward\XXX\CopyTransControlCenter install.exe" -d "E:\Ray's Files 2013.3 (YM) forward\XXX"
Task: {434B2AB3-07F1-4E73-B39B-979F49B6EB52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-12] (Google Inc.)
Task: {5E4D00C7-D446-4100-9272-A92EDB564178} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {65367BF4-0331-493C-AADF-07727042C5B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {66110BA3-6D93-4C91-A6DB-5B7D886BA63E} - System32\Tasks\{4F5FF1C9-DD65-4F8C-BF97-FDD5CD5B0CE0} => pcalua.exe -a "E:\Ray's Files 2013.3 (YM) forward\XXX 2\GoogleEarthPluginSetup.exe" -d "E:\Ray's Files 2013.3 (YM) forward\XXX 2"
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {D75321A4-2D1F-4AE7-8555-054F097FC7C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-12] (Google Inc.)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-02-15 04:20 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2013-08-11 23:29 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-07-23 00:00 - 2009-05-19 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2012-12-10 23:03 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-09-06 22:29 - 2013-09-06 22:29 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eff228aa396c1d45248a54b44d7ce5a0\IsdiInterop.ni.dll
2010-07-22 23:29 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-02-04 20:05 - 2015-02-04 20:05 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

==================== Accounts: =============================

Administrator (S-1-5-21-2513221048-3415156607-3463013705-500 - Administrator - Disabled)
Guest (S-1-5-21-2513221048-3415156607-3463013705-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2513221048-3415156607-3463013705-1002 - Limited - Enabled)
Ray (S-1-5-21-2513221048-3415156607-3463013705-1000 - Administrator - Enabled) => C:\Users\Ray

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2015 04:36:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (04/11/2015 04:36:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (04/11/2015 04:36:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (04/10/2015 10:01:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2015 01:32:57 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/10/2015 01:30:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2015 01:26:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (04/10/2015 01:26:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (04/10/2015 01:26:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2015 00:55:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 12.0.6680.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: db0

Start Time: 01d073c7749928a2

Termination Time: 312

Application Path: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

Report Id: 73459121-dfbb-11e4-abd3-88ae1d9c4d1a


System errors:
=============
Error: (04/11/2015 04:42:03 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (04/10/2015 11:22:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/10/2015 11:22:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/10/2015 11:22:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/10/2015 11:21:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/10/2015 11:21:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/10/2015 11:21:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/10/2015 11:21:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NMIndexingService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/10/2015 11:21:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/10/2015 11:21:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Updater Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (03/04/2015 04:31:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 59790 seconds with 8760 seconds of active time.  This session ended with a crash.

Error: (01/03/2015 09:51:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/03/2014 00:57:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/03/2014 00:56:43 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 39 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/03/2014 00:55:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 58 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/03/2014 00:54:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/03/2014 00:53:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9478 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (01/29/2014 04:47:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4438 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (12/02/2013 10:13:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 3001.98 MB
Available physical RAM: 1247.52 MB
Total Pagefile: 6002.14 MB
Available Pagefile: 3578.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:10.98 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:223.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: DE5EE28C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C66B75A8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,254 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 AM

Posted 13 April 2015 - 08:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Delete this program using the Add/Remove Programs applet.
Freecorder extension for Firefox (HKLM-x32\...\Freecorder extension for Firefox) (Version: 7.0.0.13 - Applian Technologies, Inc.) <==== ATTENTION
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 WinHttpAutoProxySvc; winhttp.dll [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

#3 yarlac

yarlac
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 13 April 2015 - 07:48 PM

These efforts did not fix the issue. I am losing more fucntioning, eg I cannot print anymore. Tried to delete Freecorder and it said there was an error and then that the program could not be found. I think I remember it saying it is not at this location.

 

Thanks

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by Ray at 2015-04-13 13:27:31 Run:1
Running from C:\Users\Ray\Desktop
Loaded Profiles: Ray (Available profiles: Ray)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 WinHttpAutoProxySvc; winhttp.dll [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2513221048-3415156607-3463013705-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
"HKCR\PROTOCOLS\Filter\application/octet-stream" => Key deleted successfully.
"HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => Key Deleted successfully.
"HKCR\PROTOCOLS\Filter\application/x-complus" => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-msdownload" => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
WinHttpAutoProxySvc => Service deleted successfully.
catchme => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog 13:27:34 ====

 

# AdwCleaner v4.201 - Logfile created 13/04/2015 at 14:40:22
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ray - RAY-PC
# Running from : C:\Users\Ray\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v37.0.1 (x86 en-US)


-\\ Google Chrome v41.0.2272.118


*************************

AdwCleaner[R0].txt - [13773 bytes] - [23/08/2013 06:50:50]
AdwCleaner[R1].txt - [1691 bytes] - [25/08/2013 23:36:09]
AdwCleaner[R2].txt - [7415 bytes] - [21/08/2014 23:22:33]
AdwCleaner[R3].txt - [2514 bytes] - [31/03/2015 22:02:56]
AdwCleaner[R4].txt - [1266 bytes] - [01/04/2015 19:58:24]
AdwCleaner[R5].txt - [1384 bytes] - [02/04/2015 01:10:07]
AdwCleaner[R6].txt - [1503 bytes] - [02/04/2015 23:12:46]
AdwCleaner[R7].txt - [1621 bytes] - [10/04/2015 23:20:15]
AdwCleaner[R8].txt - [1739 bytes] - [13/04/2015 13:49:44]
AdwCleaner[S0].txt - [12766 bytes] - [23/08/2013 06:55:24]
AdwCleaner[S1].txt - [1778 bytes] - [25/08/2013 23:38:33]
AdwCleaner[S2].txt - [7553 bytes] - [21/08/2014 23:24:44]
AdwCleaner[S3].txt - [2604 bytes] - [31/03/2015 22:06:30]
AdwCleaner[S4].txt - [1331 bytes] - [01/04/2015 20:28:21]
AdwCleaner[S5].txt - [1449 bytes] - [02/04/2015 01:11:45]
AdwCleaner[S6].txt - [1567 bytes] - [02/04/2015 23:14:21]
AdwCleaner[S7].txt - [1685 bytes] - [10/04/2015 23:21:56]
AdwCleaner[S8].txt - [1664 bytes] - [13/04/2015 14:40:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1723  bytes] ##########
 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,254 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 AM

Posted 14 April 2015 - 08:01 AM

Tried to delete Freecorder and it said there was an error and then that the program could not be found.

What was reported by the Farbar tool may just be some remnant entry. Possibly the folder was removed by the AdwCleaner tool that you previously run.

===


Was the printer disabled?

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon


===

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

How is the computer running now?

#5 yarlac

yarlac
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 14 April 2015 - 11:09 AM

I only use my Brother printer.

Did the "last good setting", nothing changed.

Computer is running badly, no change, really slow.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,254 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 AM

Posted 14 April 2015 - 01:15 PM

Check for the latest version of drivers.

Navigate to this page.
http://secunia.com/vulnerability_scanning/personal/

Download and install the Secunia PSI.

Run the application and updates all the programs/drivers that needs to be updated.

===
p.s.

Secunia will start looking for new updates every time you boot the system.
This is an overkill. When all is well you can remove it using the Add/Remove programs applet.

#7 yarlac

yarlac
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 15 April 2015 - 01:18 AM

Tried it and there is no change the computer is still major slow.


Edited by yarlac, 15 April 2015 - 02:02 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,254 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 AM

Posted 15 April 2015 - 08:23 AM

Make sure you have all the latest Microsoft updates.

http://www.update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=en&&thankspage=5

#9 yarlac

yarlac
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 16 April 2015 - 05:56 PM

Printer still doesn't work. It is there but nothing happens when I try to print.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,254 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 AM

Posted 17 April 2015 - 08:34 AM


If you have the printer's installation disk remove it using the Add/Remove program.

Restart the computer normally and re-install it.

If you do not have the disk check the manufacturer's site it may be available.

#11 yarlac

yarlac
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 18 April 2015 - 12:19 AM

Printer is up and running. Computer clicks and opening programs is still slow and choppy with big delays.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,254 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 AM

Posted 18 April 2015 - 08:28 AM

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833
<<<>>>

Your security protection with Windows defender it not adequate.
Your FRST log shows that it's Out of date. Please get the latest update.

I also suggest your install the Microsoft Security Essentials, it's free.

http://windows.microsoft.com/en-CA/windows/security-essentials-download

Run the application and let me know if the problem persists.

#13 yarlac

yarlac
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 19 April 2015 - 01:15 AM

Ran Scannow and it found no integrity violations. The computer is slow delayed in clicks and video is choppy. Slow opening programs.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,254 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 AM

Posted 19 April 2015 - 07:32 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

#15 yarlac

yarlac
  • Topic Starter

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 19 April 2015 - 03:36 PM

The regestry indicated a lot of items, but I did not select any of them per your instruction. I just hit delete.

 

RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ray [Administrator]
Started from : C:\Users\Ray\Desktop\RogueKiller.exe
Mode : Delete -- Date : 04/19/2015  13:32:57

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0E09498B-DBC9-4FD1-A020-3CF4842A30FB} | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3BC6F4A3-6E6C-4294-B81E-B2C42BC4E929} | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0E09498B-DBC9-4FD1-A020-3CF4842A30FB} | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3BC6F4A3-6E6C-4294-B81E-B2C42BC4E929} | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0E09498B-DBC9-4FD1-A020-3CF4842A30FB} | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3BC6F4A3-6E6C-4294-B81E-B2C42BC4E929} | DhcpNameServer : 208.180.42.68 208.180.42.100 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
--- User ---
[MBR] e6bbdf86b4a40c902a7a312f9d1ba46e
[BSP] b33eee223bc0d0bfa1dc8a9b49785b56 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04192015_133059.log






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users