Opening or using browsers keep crashing my PC


  • This topic is locked
81 replies to this topic

#1 Balta

Balta

  • Members
  • 98 posts

Posted 05 April 2015 - 08:59 PM

Hi, I'm getting random crashes while surfing the net on my browsers and sometimes even just from opening them.

I did full scans with my antivirus, Malwarebytes and other tools and nothing was found, so here is my HijackThis log so anyone can see if there really is nothing on my system.

 

Thanks.

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:47:34 AM, on 06/04/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 37.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
F:\SitesDevelop\apache\Apache2\bin\Apache.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
F:\SitesDevelop\apache\Apache2\bin\Apache.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Roxio\BackOnTrack\App\BService.exe
D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
D:\WINDOWS\system32\crypserv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre7\bin\jqs.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\MoboRobo\MoboroboDeviceService.exe
F:\SitesDevelop\mysql\bin\mysqld-nt.exe
D:\Program Files\SCE\Common\File System Driver\bin\pfs_mounter.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TeamViewer\TeamViewer_Service.exe
D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\TeamViewer\TeamViewer.exe
D:\Program Files\TeamViewer\tv_w32.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe
D:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
D:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
D:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\Skype\Phone\Skype.exe
F:\SitesDevelop\apache\Apache2\bin\ApacheMonitor.exe
D:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
F:\SitesDevelop\mysql\bin\winmysqladmin.exe
D:\Program Files\MagicDisc\MagicDisc.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Baltasar\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: UAButtonBHO - {3CE56DB6-FCBE-4422-9454-63C354178985} - D:\Program Files\UAPick\UABtn.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Name of App] D:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "D:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [Certificate Import] D:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
O4 - HKLM\..\Run: [MBBalloon] D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "D:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "D:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BtTray] "D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SoundMax] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RoxWatchTray] "D:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "D:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [CPMonitor] "D:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASUS Update Checker] D:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LightScribe Control Panel] D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: WinMySQLadmin.lnk = F:\SitesDevelop\mysql\bin\winmysqladmin.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Monitor Apache Servers.lnk = F:\SitesDevelop\apache\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Add to Anti-Banner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - D:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - D:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: UA Button - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - D:\Program Files\UAPick\UABtn.dll
O9 - Extra 'Tools' menuitem: Set UA St&ring - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - D:\Program Files\UAPick\UABtn.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) -
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/downloads/samples/internet/sbncheck.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154986089372
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345789468890
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B3D4D3F-DBD6-455A-B750-114CEC4DD2E8}: NameServer = 192.168.0.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - D:\Program Files\Common Files\EzTools\hsppp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - D:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apache2 - Apache Software Foundation - F:\SitesDevelop\apache\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BOT4Service - Unknown owner - D:\Program Files\Roxio\BackOnTrack\App\BService.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - D:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Moborobo Device Service (MoboroboDeviceService) - Unknown owner - D:\Program Files\MoboRobo\MoboroboDeviceService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySql - Unknown owner - F:/SitesDevelop/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - D:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: RoxMediaDB13 - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SCE File System Driver (SCEFSMounter) - Sony Computer Entertainment Inc. - D:\Program Files\SCE\Common\File System Driver\bin\pfs_mounter.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - D:\Program Files\TeamViewer\TeamViewer_Service.exe

--
End of file - 19602 bytes
 


Edited by Balta, 05 April 2015 - 09:00 PM.




#2 satchfan

satchfan

  • Malware Response Team
  • 2,792 posts
  • Gender:Female
  • Location:Devon, UK

Posted 06 April 2015 - 03:03 AM

Hello Balta and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


I don’t see anything that may be causing this so we’ll need a better look.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called FRST.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
FRST.txt
Addition.txt


Also, can you tell me if this is a business computer or one used for personal use?

Thanks

Satchfan

 




#3 Balta

Balta
  • Topic Starter

  • Members
  • 98 posts

Posted 06 April 2015 - 04:34 AM

Hi, first thanks for the quick answer to try to solve my problem.

Regarding your question I use this PC for personal work.

 

Now the results from running the tools you asked for. JRT, near the end after the Mozilla scan, closes the program window and doesn't generate any log file; the rest worked OK until the end, so here are the logs.

 

 

# AdwCleaner v4.200 - Logfile created 06/04/2015 at 09:52:00
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Baltasar - BALL9000
# Running from : D:\Documents and Settings\Baltasar\Desktop\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269

***** [ Files / Folders ] *****

Folder Deleted : D:\Documents and Settings\All Users\Application Data\FileCure
Folder Deleted : D:\Documents and Settings\All Users\Application Data\speedypc software
Folder Deleted : D:\Program Files\registry mechanic
Folder Deleted : D:\Documents and Settings\Baltasar\Application Data\Desktopicon
Folder Deleted : D:\Documents and Settings\Baltasar\Application Data\DriverCure
Folder Deleted : D:\Documents and Settings\Baltasar\Application Data\eSupport.com
Folder Deleted : D:\Documents and Settings\Baltasar\Application Data\KW
Folder Deleted : D:\Documents and Settings\Baltasar\Application Data\registry mechanic
Folder Deleted : D:\Documents and Settings\Baltasar\Application Data\Uniblue
Folder Deleted : D:\Documents and Settings\Baltasar\Application Data\FileViewPro
Folder Deleted : D:\Documents and Settings\Baltasar\Application Data\download Manager
[!] Folder Deleted : D:\Documents and Settings\Baltasar\Application Data\Mozilla\Firefox\Profiles\exh9gfsv.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
File Deleted : D:\Documents and Settings\Baltasar\Application Data\Mozilla\Firefox\Profiles\exh9gfsv.default\Extensions\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.xpi
File Deleted : D:\Documents and Settings\Baltasar\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : D:\Documents and Settings\Baltasar\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
File Deleted : D:\Documents and Settings\Baltasar\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal
File Deleted : D:\Documents and Settings\Baltasar\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BF9FCDC9-2C04-4531-BE1A-963EB2C341D9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\MaxiGet
Key Deleted : HKLM\SOFTWARE\Headlight
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp://proxy.iraqigeek.com:80

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v37.0.1 (x86 en-US)

[exh9gfsv.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");

-\\ Google Chrome v41.0.2272.118

[D:\Documents and Settings\Baltasar\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.booking.com/searchresults.en-gb.html?si=ai%2Cco%2Cci%2Cre%2Cdi;ss={searchTerms};label=opensearch-plugin
[D:\Documents and Settings\Baltasar\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC02CD440-60D6-4016-A55D-6E7C08C1D9B7&q={searchTerms}
[D:\Documents and Settings\Baltasar\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [7210 bytes] - [06/04/2015 09:46:17]
AdwCleaner[S0].txt - [6542 bytes] - [06/04/2015 09:52:00]

########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [6601  bytes] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Administrator (administrator) on BALL9000 on 06-04-2015 10:17:15
Running from D:\Documents and Settings\Baltasar\Desktop
Loaded Profiles: Baltasar & Administrator (Available profiles: Baltasar & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) D:\WINDOWS\System32\nvsvc32.exe
(SUPERAntiSpyware.com) D:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apache Software Foundation) F:\SitesDevelop\apache\Apache2\bin\Apache.exe
(Kaspersky Lab ZAO) D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(Apache Software Foundation) F:\SitesDevelop\apache\Apache2\bin\Apache.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
() D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
(CrypKey (Canada) Ltd.) D:\WINDOWS\System32\Crypserv.exe
(FileZilla Project) D:\Program Files\FileZilla Server\FileZilla server.exe
(Oracle Corporation) D:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) D:\Program Files\Common Files\LightScribe\LSSrvc.exe
() D:\Program Files\MoboRobo\MoboRoboDeviceService.exe
() F:\SitesDevelop\mysql\bin\mysqld-nt.exe
(Sony Computer Entertainment Inc.) D:\Program Files\SCE\Common\File System Driver\bin\pfs_mounter.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\TeamViewer_Service.exe
() D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Kaspersky Lab ZAO) D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\TeamViewer.exe
(HP) D:\WINDOWS\System32\spool\drivers\W32X86\3\hpztsb04.exe
(TeamViewer GmbH) D:\Program Files\TeamViewer\TV_w32.exe
( ) D:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe
(Zetes Burótica S.A.) D:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
(InstallShield Software Corporation) D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
() D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
() D:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
() D:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe
(Adobe Systems Incorporated) D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Analog Devices, Inc.) D:\Program Files\Analog Devices\Core\smax4pnp.exe
(Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
(Oracle Corporation) D:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(SUPERAntiSpyware) D:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) D:\Program Files\Windows Media Player\WMPNSCFG.exe
(Skype Technologies S.A.) D:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Apache Software Foundation) F:\SitesDevelop\apache\Apache2\bin\ApacheMonitor.exe
() D:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
(MySQL AB) F:\SitesDevelop\mysql\bin\winmysqladmin.exe
(MagicISO, Inc.) D:\Program Files\MagicDisc\MagicDisc.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPDJ Taskbar Utility] => D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-11-29] (HP)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [Name of App] => D:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe [708721 2013-03-08] ( )
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => D:\WINDOWS\system32\HDAShCut.exe [61952 2004-10-27] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [Adobe Reader Speed Launcher] => D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [FileZilla Server Interface] => D:\Program Files\FileZilla Server\FileZilla Server Interface.exe [937984 2007-12-25] (FileZilla Project)
HKLM\...\Run: [Certificate Import] => D:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe [621280 2014-01-06] (Zetes Burótica S.A.)
HKLM\...\Run: [MBBalloon] => D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe [794464 2008-07-15] (PLANNING Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => D:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => D:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [BtTray] => D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [278016 2009-02-27] ()
HKLM\...\Run: [SoundMax] => D:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [RoxWatchTray] => D:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [307184 2010-07-16] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] => D:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe [477680 2010-06-30] ()
HKLM\...\Run: [CPMonitor] => D:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2010-08-25] ()
HKLM\...\Run: [Adobe ARM] => D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [QuickTime Task] => D:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [ASUS Update Checker] => D:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [121472 2009-12-28] (ASUSTeK Computer Inc.)
HKLM\...\Run: [amd_dc_opt] => D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [SoundMAXPnP] => D:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => D:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Winlogon\Notify\klogon: D:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [STE-S2] 0xB3006A45B3006A450100000000000000
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
HKU\S-1-5-19\...\Policies\Explorer: [] 0x00000000
HKU\S-1-5-19\...\Policies\Explorer: [NoDrives] 0x00000000
HKU\S-1-5-19\...\Policies\Explorer: [CDRAutoRun] 0x00000000
HKU\S-1-5-20\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
HKU\S-1-5-20\...\Policies\Explorer: [] 0x00000000
HKU\S-1-5-20\...\Policies\Explorer: [NoDrives] 0x00000000
HKU\S-1-5-20\...\Policies\Explorer: [CDRAutoRun] 0x00000000
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Run: [LightScribe Control Panel] => D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-06-20] (Hewlett-Packard Company)
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Run: [SUPERAntiSpyware] => D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6718744 2015-03-26] (SUPERAntiSpyware)
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Run: [WMPNSCFG] => D:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Run: [Skype] => D:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoChangeKeyboardNavigationIndicators] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [RestrictCpl] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [DisallowCpl] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoRecycleFiles] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [ForceRecycleBinSize] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoManageMyComputerVerb] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoCustomizeWebView] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoWinKeys] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoSecurityTab] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoCustomizeThisFolder] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoWebView] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [DontShowSuperHidden] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoOnlinePrintsWizard] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoPublishingWizard] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoSMMyPictures] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoSMMyDocs] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoFavoritesMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoHelp] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoStartMenuEjectPC] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [ForceStartMenuLogoff] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoDisconnect] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoNtSecurity] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [GreyMSIAds] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [ForceMaxRecentDocs] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoSMBalloonTip] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoSMBalloonTips] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [LockTaskbar] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoTaskGrouping] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoWebServices] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoExpandedNewMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [SpecifyDefaultButtons] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoComputersNearMe] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [PromptRunasInstallNetPath] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoThumbnailCache] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [ForceCopyAclwithFile] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [StartRunNoHOMEPATH] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {4c62d0a2-8c11-11df-a173-00027200f5df} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {6d844269-d095-11e2-b5e4-00027200f5df} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {8f01f29e-a968-11dc-8a09-00027200f5df} - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe e
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4fae-a254-11df-a179-001bfccb85bc} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4faf-a254-11df-a179-001bfccb85bc} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4fb0-a254-11df-a179-001bfccb85bc} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bd043764-f53e-11e0-a1fa-00027200f5df} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e3-1a30-11e4-a915-00027200f5df} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e5-1a30-11e4-a915-001e101f22e5} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e6-1a30-11e4-a915-001e101f22e5} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {e8556028-b2f9-11e0-a1f0-001bfccb85bc} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {e855602a-b2f9-11e0-a1f0-00027200f5df} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {fd5663d5-772b-11e0-a1e1-005056c00008} - I:\AutoRun.exe
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Run: [LightScribe Control Panel] => D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-06-20] (Hewlett-Packard Company)
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [NoVisualStyleChoice] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [NoColorChoice] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [NoSizeChoice] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [HideLogonScripts] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [HideLogoffScripts] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [] 0x00000000
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [CDRAutoRun] 0x00000000
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoThemesTab] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoChangeKeyboardNavigationIndicators] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [RestrictCpl] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [DisallowCpl] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoRecycleFiles] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [ForceRecycleBinSize] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoManageMyComputerVerb] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [ClassicShell] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoCustomizeWebView] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoWinKeys] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoSecurityTab] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoCustomizeThisFolder] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoWebView] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [DontShowSuperHidden] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoOnlinePrintsWizard] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoPublishingWizard] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoSMMyPictures] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoSMMyDocs] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoFavoritesMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoHelp] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoStartMenuEjectPC] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [ForceStartMenuLogoff] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoDisconnect] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoNtSecurity] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [GreyMSIAds] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [ForceMaxRecentDocs] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoSMBalloonTip] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoSMBalloonTips] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [LockTaskbar] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoTaskGrouping] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoWebServices] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoExpandedNewMenu] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [SpecifyDefaultButtons] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoComputersNearMe] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [PromptRunasInstallNetPath] 1
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoThumbnailCache] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [ForceCopyAclwithFile] 0
HKU\S-1-5-21-1214440339-842925246-854245398-500\...\Policies\Explorer: [StartRunNoHOMEPATH] 0
HKU\S-1-5-18\...\Run: [Skype] => D:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => D:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
ShortcutTarget: Monitor Apache Servers.lnk -> F:\SitesDevelop\apache\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation)
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
ShortcutTarget: LaunchU3.exe.lnk -> D:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
Startup: D:\Documents and Settings\Baltasar\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> D:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: D:\Documents and Settings\Baltasar\Start Menu\Programs\Startup\WinMySQLadmin.lnk
ShortcutTarget: WinMySQLadmin.lnk -> F:\SitesDevelop\mysql\bin\winmysqladmin.exe (MySQL AB)
Startup: D:\Documents and Settings\Baltasar\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> D:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => D:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => D:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => D:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => D:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => D:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => D:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => D:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => D:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => D:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1214440339-842925246-854245398-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => 127.0.0.1:8088
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page_bak = http://home.microsoft.com/access/allinone.asp
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = D:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\STATIONERY\BLANK.HTM
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=132702
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=132702
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page_bak = http://home.microsoft.com/access/allinone.asp
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = D:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\STATIONERY\BLANK.HTM
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=132702
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=132702
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page_bak = http://home.microsoft.com/access/allinone.asp
HKU\S-1-5-21-1214440339-842925246-854245398-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1214440339-842925246-854245398-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1214440339-842925246-854245398-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=132702
HKU\S-1-5-21-1214440339-842925246-854245398-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1214440339-842925246-854245398-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=132702
HKU\S-1-5-21-1214440339-842925246-854245398-500\Software\Microsoft\Internet Explorer\Main,Search Page_bak = http://home.microsoft.com/access/allinone.asp
SearchScopes: HKU\.DEFAULT -> {44475ACF-AC79-4352-B49B-5C569BA1927D} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1214440339-842925246-854245398-1003 -> {1C3A3D0B-1120-45CF-9D4A-B84509A373F3} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_en
SearchScopes: HKU\S-1-5-21-1214440339-842925246-854245398-500 -> DefaultScope {6E144825-72E8-44E7-B5AF-8FF9F612A94A} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1214440339-842925246-854245398-500 -> {6E144825-72E8-44E7-B5AF-8FF9F612A94A} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Set UA String (BHO) -> {3CE56DB6-FCBE-4422-9454-63C354178985} -> D:\Program Files\UAPick\UABtn.dll [2011-03-29] (Bayden Systems)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-26] (Kaspersky Lab ZAO)
BHO: No Name -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} ->  No File
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-02-02] (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-18] (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1214440339-842925246-854245398-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1214440339-842925246-854245398-1003 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB}
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab
DPF: {156731E1-D652-11D1-BE03-00A0C9111212} http://msdn.microsoft.com/downloads/samples/internet/sbncheck.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
DPF: {3334504D-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab
DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://office.microsoft.com/productupdates/content/opuc.cab
DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154986089372
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-306.ibm.com/pc/support/IbmEgath.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37968.4930787037
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} http://www.mophun.com/codebase/mophun.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate.microsoft.com/R1062/V31Controls/x86/mil/en/actsetup.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553504000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553560000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/dj/qdiagh.cab?223
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - D:\Program Files\Common Files\EzTools\hsppp.dll [2008-10-21] (EzTools Software)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - D:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2004-01-29] (Microsoft Corporation)
Handler: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - D:\Program Files\Common Files\EzTools\hsppp.dll [2008-10-21] (EzTools Software)
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - D:\Program Files\Common Files\EzTools\hsppp.dll [2008-10-21] (EzTools Software)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - D:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Handler: ndwiat - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll [2008-04-14] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - D:\Program Files\Common Files\EzTools\hsppp.dll [2008-10-21] (EzTools Software)
Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - D:\Program Files\Common Files\EzTools\hsppp.dll [2008-10-21] (EzTools Software)
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - D:\Program Files\Common Files\EzTools\hsppp.dll [2008-10-21] (EzTools Software)
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - D:\Program Files\Common Files\EzTools\wowctl2.dll [2008-10-21] (EzTools Software)
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - D:\Program Files\Common Files\EzTools\hsppp.dll [2008-10-21] (EzTools Software)
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - D:\Program Files\Common Files\EzTools\hsppp.dll [2008-10-21] (EzTools Software)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-04] (SuperAdBlocker.com)
Winsock: Catalog5 05 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2B3D4D3F-DBD6-455A-B750-114CEC4DD2E8}: [NameServer] 192.168.0.254

FireFox:
========
FF ProfilePath: D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r9ru3g07.default
FF Plugin: @3ds.com/3dxml -> D:\Program Files\Dassault Systemes\3D XML Player\intel_a\code\bin\NP3DXMLPlugin.dll [2012-03-16] ()
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> D:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-08-02] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> D:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> D:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> D:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-20]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - D:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-02]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-02]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-02]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-02]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-02]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-24]
FF Extension: No Name - D:\Program Files\Java\jre6\lib\deploy\jqs\ff [Not Found]
FF Extension: Java Console - L:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2010-09-28]
FF Extension: Java Console - L:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010-09-28]
FF Extension: No Name - L:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-11-26]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-11-26]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-11-26]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-11-26]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-11-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; D:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
R2 Apache2; F:\SitesDevelop\apache\Apache2\bin\Apache.exe [20541 2006-07-27] (Apache Software Foundation) [File not signed]
R2 AVP; D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-11-26] (Kaspersky Lab ZAO)
R2 BlueSoleilCS; D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [850432 2009-02-27] () [File not signed]
S2 BOT4Service; D:\Program Files\Roxio\BackOnTrack\App\BService.exe [39408 2010-09-13] ()
R3 BsHelpCS; D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [98407 2009-02-27] () [File not signed]
R2 BsMobileCS; D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2009-02-27] () [File not signed]
R2 Crypkey License; D:\WINDOWS\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 FileZilla Server; D:\Program Files\FileZilla Server\FileZilla Server.exe [586240 2007-12-25] (FileZilla Project) [File not signed]
S3 FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-08-19] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; D:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-23] (Oracle Corporation)
R2 LightScribeService; D:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
S3 Macromedia Licensing Service; D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-06-15] () [File not signed]
S2 MBAMService; D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MoboroboDeviceService; D:\Program Files\MoboRobo\MoboroboDeviceService.exe [113448 2014-12-10] ()
R2 MySql; F:\SitesDevelop\mysql\bin\mysqld-nt.exe [2265088 2004-02-11] () [File not signed]
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S3 RoxMediaDB13; D:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
S2 RoxWatch12; D:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [354288 2010-07-16] (Sonic Solutions)
R2 SCEFSMounter; D:\Program Files\SCE\Common\File System Driver\bin\pfs_mounter.exe [78336 2012-06-20] (Sony Computer Entertainment Inc.) [File not signed]
R2 TeamViewer; D:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S3 WmcCds; d:\program files\windows media connect\mswmccds.exe [483328 2004-08-11] (Microsoft Corporation) [File not signed]
S3 WmcCdsLs; D:\Program Files\Windows Media Connect\mswmcls.exe [28160 2004-08-10] (Microsoft Corporation) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; D:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S1 AmdPPM; D:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 AsIO; D:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R1 AsUpIO; D:\WINDOWS\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 BT; D:\WINDOWS\System32\DRIVERS\btnetdrv.sys [14088 2008-12-07] (IVT Corporation.)
R3 Btcsrusb; D:\WINDOWS\System32\Drivers\btcusb.sys [39304 2009-01-03] (IVT Corporation.)
R0 BtHidBus; D:\WINDOWS\System32\Drivers\BtHidBus.sys [20744 2009-01-07] (IVT Corporation.)
R3 btnetBUs; D:\WINDOWS\System32\Drivers\btnetBus.sys [30088 2008-12-07] ()
R3 BTNetFilter; D:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-22] (IVT Corporation.)
S3 CCDECODE; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cpuz132; D:\WINDOWS\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 cpuz133; D:\WINDOWS\system32\drivers\cpuz133_x32.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider)
S3 cpuz138; D:\Documents and Settings\Baltasar\Local Settings\temp\cpuz138\cpuz138_x32.sys [27832 2015-04-05] (CPUID)
R3 cvhdbus; D:\WINDOWS\System32\DRIVERS\cvhdbus51.sys [60160 2012-09-18] (Citrix Systems, Inc.)
R2 DriverX; D:\WINDOWS\System32\Drivers\driverx.sys [234140 2008-09-18] (Tetradyne Software, Inc.) [File not signed]
S3 DrvAgent32; D:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2015-04-05] (Phoenix Technologies) [File not signed]
R1 ElRawDisk; D:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 epmntdrv; D:\WINDOWS\system32\epmntdrv.sys [13192 2011-07-29] () [File not signed]
S3 EuGdiDrv; D:\WINDOWS\system32\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
S3 evserial; D:\WINDOWS\System32\DRIVERS\evserial.sys [52944 2007-06-12] (ELTIMA Software)
S3 FTDIBUS; D:\WINDOWS\System32\drivers\ftdibus.sys [47249 2009-08-12] (FTDI Ltd.)
S3 gameenum; D:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S3 GR433S; D:\WINDOWS\System32\Drivers\GR433s.sys [66896 2003-11-07] (Gemplus)
S3 HdAudAddService; D:\WINDOWS\System32\drivers\HdAudio.sys [145920 2004-10-27] (Windows ® Server 2003 DDK provider)
R1 HWiNFO32; D:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-04-03] (REALiX™)
S3 INFUSB; D:\WINDOWS\System32\drivers\infusb.sys [11520 2002-09-30] (WB Electronic) [File not signed]
R2 io.sys; D:\WINDOWS\system32\drivers\io.sys [5152 2011-06-11] () [File not signed]
R3 IvtBtBUs; D:\WINDOWS\System32\Drivers\IvtBtBus.sys [26248 2008-07-02] (IVT Corporation.)
R0 kl1; D:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2013-11-26] (Kaspersky Lab ZAO)
R1 KLIF; D:\WINDOWS\System32\DRIVERS\klif.sys [576096 2014-03-25] (Kaspersky Lab ZAO)
R3 klim5; D:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; D:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24672 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; D:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-11-26] (Kaspersky Lab ZAO)
R1 klpd; D:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; D:\WINDOWS\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; D:\WINDOWS\System32\DRIVERS\kneps.sys [144992 2014-02-02] (Kaspersky Lab ZAO)
R3 libusb0; D:\WINDOWS\System32\DRIVERS\libusb0.sys [42592 2015-01-07] (http://libusb-win32.sourceforge.net)
S3 MADFU; D:\WINDOWS\System32\DRIVERS\MADFUXP.sys [16512 2007-09-11] (M-Audio) [File not signed]
R3 MBAMProtector; D:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 mcdbus; D:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R1 MoboroboAssDriver; D:\WINDOWS\System32\drivers\MoboroboAssDriver.sys [13984 2014-10-09] ()
U3 Moucrv; D:\WINDOWS\System32\drivers\wacompen.sys [14208 2008-04-14] (Microsoft Corporation)
R3 msvad_simple; D:\WINDOWS\System32\drivers\povrtdev.sys [23920 2010-04-29] (MediaMall Technologies, Inc.)
R3 MTsensor; D:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 n558; D:\WINDOWS\System32\Drivers\n558.sys [9600 2007-08-15] ()
S3 NdisIP; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NetworkX; D:\WINDOWS\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
S3 nm; D:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
R2 NPF; D:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NVENETFD; D:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; D:\WINDOWS\System32\DRIVERS\nvgts.sys [145952 2008-11-12] (NVIDIA Corporation)
R3 nvnetbus; D:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 P2k; D:\WINDOWS\System32\DRIVERS\P2k.sys [38656 2003-04-08] (Motorola Inc) [File not signed]
S1 P3; D:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R1 pfs_dokan; D:\WINDOWS\System32\DRIVERS\pfs_dokan.sys [78640 2012-06-20] (Sony Computer Entertainment Inc.)
S3 pneteth; D:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
S3 PPJoyBus; D:\WINDOWS\System32\drivers\PPJoyBus.sys [13952 2004-10-24] (Deon van der Westhuysen) [File not signed]
S3 PPortJoystick; D:\WINDOWS\System32\drivers\PPortJoy.sys [28800 2004-10-24] (Deon van der Westhuysen) [File not signed]
R0 pwdrvio; D:\WINDOWS\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; D:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
S3 QV2KUX; D:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)
S3 Rasirda; D:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RDID1009; D:\WINDOWS\System32\Drivers\rdwm1009.sys [65794 2005-06-03] (Roland Corporation) [File not signed]
S3 RimUsb; D:\WINDOWS\System32\Drivers\RimUsb.sys [68096 2013-12-02] (BlackBerry Limited)
S3 RTL8023xp; D:\WINDOWS\System32\DRIVERS\TE100XP.SYS [78720 2006-04-18] (TRENDnet                                                    ) [File not signed]
R1 SASDIFSV; D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SecBulk; D:\WINDOWS\System32\Drivers\SECBULK.sys [10430 2011-03-21] (Windows ® 2000 DDK provider) [File not signed]
R3 SenFiltService; D:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
S3 silabenm; D:\WINDOWS\System32\DRIVERS\silabenm.sys [47176 2011-10-14] (Silicon Laboratories)
S3 silabser; D:\WINDOWS\System32\DRIVERS\silabser.sys [61312 2011-10-14] (Silicon Laboratories)
S3 tap0801; D:\WINDOWS\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
R3 tap0901; D:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 teamviewervpn; D:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2015-03-30] (TeamViewer GmbH)
S3 usbbus; D:\WINDOWS\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.)
S3 USBModem; D:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.)
R1 UserPort; D:\Program Files\DuoLabs\Cas Interface Studio\userport.sys [4256 2000-11-28] () [File not signed]
R3 VComm; D:\WINDOWS\System32\DRIVERS\VComm.sys [14856 2008-01-21] (IVT Corporation.)
R3 VcommMgr; D:\WINDOWS\System32\Drivers\VcommMgr.sys [31880 2009-01-08] (IVT Corporation.)
R3 VHidMinidrv; D:\WINDOWS\System32\drivers\VHIDMini.sys [17416 2008-12-22] (IVT Corporation.)
S3 wceusbsh; D:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 WinDriver6; D:\WINDOWS\System32\drivers\windrvr6.sys [195968 2010-08-31] (Jungo) [File not signed]
R2 WinisoCDBus; D:\WINDOWS\System32\drivers\WinisoCDBus.sys [121600 2013-01-22] (WinISO.com)
U5 BlueletAudio; D:\Windows\System32\Drivers\BlueletAudio.sys [33800 2008-11-25] (IVT Corporation.)
U2 CertPropSvc; No ImagePath
S4 hpt3xx; No ImagePath
U5 klflt; D:\Windows\System32\Drivers\klflt.sys [93792 2014-03-25] (Kaspersky Lab ZAO)
U5 phunter; D:\WINDOWS\system32\unikey.sys [13816 2014-08-15] ()
U4 SCardDrv; No ImagePath
U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 UnlockerDriver5; D:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 10:17 - 2015-04-06 10:17 - 00062345 _____ () D:\Documents and Settings\Baltasar\Desktop\FRST.txt
2015-04-06 10:04 - 2015-04-06 10:04 - 00000000 ____D () D:\RegBackup
2015-04-06 10:00 - 2015-04-06 10:00 - 00006681 _____ () D:\Documents and Settings\Baltasar\Desktop\AdwCleaner[S0].txt
2015-04-06 09:49 - 2015-04-06 09:49 - 02691312 _____ (Thisisu) D:\Documents and Settings\Baltasar\Desktop\JRT.exe
2015-04-06 09:46 - 2015-04-06 09:46 - 00000000 ____D () D:\AdwCleaner
2015-04-06 09:45 - 2015-04-06 09:45 - 02208768 _____ () D:\Documents and Settings\Baltasar\Desktop\adwcleaner_4.200.exe
2015-04-06 03:04 - 2015-04-06 03:04 - 00000000 ____D () D:\FRST
2015-04-06 03:02 - 2015-04-06 09:49 - 01135104 _____ (Farbar) D:\Documents and Settings\Baltasar\Desktop\FRST.exe
2015-04-06 02:47 - 2015-04-06 02:49 - 00019446 _____ () D:\Documents and Settings\Baltasar\Desktop\hijackthis.log
2015-04-06 02:42 - 2015-04-06 02:42 - 00388608 _____ (Trend Micro Inc.) D:\Documents and Settings\Baltasar\Desktop\HijackThis.exe
2015-04-06 02:39 - 2015-04-06 02:39 - 00000000 ____D () D:\WINDOWS\Tasks\ImCleanDisabled
2015-04-06 01:51 - 2015-04-06 09:54 - 00000054 _____ () D:\WINDOWS\errord.log
2015-04-06 00:58 - 2015-04-06 00:58 - 00000000 ____D () D:\Documents and Settings\Baltasar\Desktop\Autoruns
2015-04-06 00:33 - 2015-04-06 00:33 - 00588816 _____ () D:\Documents and Settings\Baltasar\Desktop\Autoruns.zip
2015-04-05 22:41 - 2015-04-05 22:41 - 00023456 _____ (Phoenix Technologies) D:\WINDOWS\system32\Drivers\DrvAgent32.sys
2015-04-05 18:23 - 2015-04-05 18:23 - 00000000 ____D () D:\Program Files\Ozone Blade Keyboard
2015-04-05 14:33 - 2015-04-05 14:33 - 00000000 __SHD () D:\FOUND.000
2015-04-04 18:59 - 2015-04-06 09:58 - 00043566 _____ () D:\WINDOWS\system32\nvapps.xml
2015-04-04 18:54 - 2006-01-24 18:15 - 00573440 _____ () D:\WINDOWS\system32\nvhwvid.dll
2015-04-04 14:48 - 2015-04-04 14:48 - 00000000 ____D () D:\Program Files\Mozilla Firefox
2015-04-04 00:24 - 2015-04-04 00:24 - 00000000 ____D () D:\WINDOWS\NVIEW
2015-04-03 22:15 - 2015-04-03 22:15 - 00015449 _____ () D:\WINDOWS\system32\nvinfo.pb
2015-04-03 22:10 - 2015-04-03 22:10 - 00023840 _____ (REALiX™) D:\WINDOWS\system32\Drivers\HWiNFO32.SYS
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\Baltasar\Application Data\IObit
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\ProductData
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\IObit
2015-04-02 04:02 - 2015-04-05 22:18 - 01001853 _____ () D:\WINDOWS\setupapi.log
2015-04-02 04:02 - 2015-04-02 04:02 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-04-02 03:45 - 2015-04-02 03:45 - 00000000 ____D () D:\Documents and Settings\Baltasar\Desktop\IPBOX
2015-04-01 20:49 - 2015-04-02 02:04 - 00000273 _____ () D:\Documents and Settings\Baltasar\Desktop\ciimar.txt
2015-04-01 17:35 - 2015-04-01 17:35 - 00008146 _____ () D:\Documents and Settings\Baltasar\Desktop\user.php_ol
2015-04-01 17:35 - 2015-04-01 17:35 - 00004646 _____ () D:\Documents and Settings\Baltasar\Desktop\index.php_ol
2015-03-30 01:09 - 2015-03-30 01:10 - 00000000 ___HD () D:\WINDOWS\$NtUninstallKB2808679$es
2015-03-30 01:09 - 2015-03-30 01:09 - 00065536 _____ () D:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-03-30 01:09 - 2015-03-30 01:09 - 00000000 ___HD () D:\WINDOWS\$968930Uinstall_KB968930$
2015-03-30 01:09 - 2015-03-30 01:09 - 00000000 ____D () D:\WINDOWS\system32\winrm
2015-03-30 01:09 - 2015-03-30 01:09 - 00000000 ____D () D:\WINDOWS\$NtUninstallKB968930$
2015-03-30 01:08 - 2015-03-30 01:10 - 00014240 _____ () D:\WINDOWS\KB2808679.log
2015-03-30 01:08 - 2015-03-30 01:09 - 00000000 ____D () D:\WINDOWS\system32\DRM
2015-03-29 20:12 - 2015-03-29 20:12 - 00000000 ____D () D:\5d2e19b9b17ac56aa40e780be6ea
2015-03-27 00:54 - 2015-03-27 00:54 - 103579136 _____ () D:\Documents and Settings\Baltasar\Desktop\StMaria_Full.bak
2015-03-19 00:33 - 2015-03-19 00:33 - 00000000 _____ () D:\SDFix.exe
2015-03-18 01:29 - 2015-03-18 01:29 - 00000776 _____ () D:\Documents and Settings\Baltasar\Application Data\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 10:18 - 2008-05-12 23:23 - 00000428 ____H () D:\WINDOWS\Tasks\User_Feed_Synchronization-{782B517D-29DC-4A31-BB1F-A478DEF790CA}.job
2015-04-06 10:06 - 2009-09-05 18:48 - 00000996 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-06 10:03 - 2014-12-12 03:54 - 00000830 _____ () D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-06 09:58 - 2013-02-28 13:12 - 00000463 _____ () D:\Documents and Settings\Baltasar\Application Data\TSSTLiveUpdateConfig.ini
2015-04-06 09:58 - 2010-11-20 16:41 - 00006810 _____ () D:\WINDOWS\system32\LOCALSERVICE.INI
2015-04-06 09:58 - 2010-11-09 02:44 - 00000100 _____ () D:\WINDOWS\system32\LOCALDEVICE.INI
2015-04-06 09:58 - 2009-02-27 17:04 - 00001102 _____ () D:\WINDOWS\system32\bscs.ini
2015-04-06 09:57 - 2014-04-20 17:15 - 00000228 _____ () D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-06 09:57 - 2009-09-05 18:48 - 00000992 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-06 09:57 - 2001-08-23 11:00 - 00002284 _____ () D:\WINDOWS\system32\wpa.dbl
2015-04-06 09:56 - 2010-11-09 02:50 - 00000702 _____ () D:\WINDOWS\system32\REMOTEDEVICE.INI
2015-04-06 09:56 - 2003-12-13 18:44 - 00000159 _____ () D:\WINDOWS\wiadebug.log
2015-04-06 09:55 - 2013-02-04 23:11 - 00029099 _____ () D:\WINDOWS\error.log
2015-04-06 09:54 - 2006-08-06 20:33 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2015-04-06 09:53 - 2012-04-18 11:34 - 00495406 _____ () D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-04-06 09:53 - 2006-08-06 21:12 - 00032210 _____ () D:\WINDOWS\SchedLgU.Txt
2015-04-06 09:53 - 2004-08-11 01:13 - 01320137 _____ () D:\WINDOWS\WindowsUpdate.log
2015-04-06 09:53 - 2003-12-13 19:34 - 00000248 ___SH () D:\Documents and Settings\Baltasar\ntuser.ini
2015-04-06 09:53 - 2001-09-01 01:00 - 00000048 _____ () D:\WINDOWS\wiaservc.log
2015-04-06 02:13 - 2001-08-23 11:00 - 00000646 _____ () D:\WINDOWS\system.ini
2015-04-06 02:13 - 2001-08-23 10:11 - 00003146 _____ () D:\WINDOWS\win.ini
2015-04-06 01:42 - 2013-02-15 13:23 - 00621273 _____ () D:\WINDOWS\setupact.log
2015-04-06 00:02 - 2014-09-03 01:21 - 00119512 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 22:14 - 2002-04-13 22:52 - 00086448 _____ () D:\Documents and Settings\Baltasar\Application Data\GDIPFONTCACHEV1.DAT
2015-04-05 22:08 - 2006-08-05 10:23 - 03866368 _____ () D:\WINDOWS\system32\FNTCACHE.DAT
2015-04-05 21:07 - 2012-04-23 16:27 - 05507302 _____ () D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1214440339-842925246-854245398-1003-0.dat
2015-04-04 19:01 - 2013-10-19 08:43 - 00906392 _____ () D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-04-04 00:20 - 2007-01-04 19:16 - 00001324 _____ () D:\WINDOWS\system32\d3d9caps.dat
2015-04-03 22:18 - 2010-11-02 20:16 - 00008824 _____ () D:\WINDOWS\system32\nvnrm.nvu
2015-04-03 22:17 - 2008-08-19 11:41 - 00004527 _____ () D:\WINDOWS\system32\nvsmb.nvu
2015-04-03 12:35 - 2014-12-14 04:39 - 00001550 _____ () D:\Documents and Settings\All Users\Start Menu\Programs\Universal Media Server.lnk
2015-04-02 04:09 - 2014-12-13 00:07 - 00010997 _____ () D:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-04-02 04:02 - 2014-12-13 00:07 - 00000617 _____ () D:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-03-30 08:02 - 2013-02-19 00:55 - 00025088 _____ (TeamViewer GmbH) D:\WINDOWS\system32\Drivers\teamviewervpn.sys
2015-03-30 01:10 - 2013-02-17 16:28 - 00468614 _____ () D:\WINDOWS\iis6.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00432820 _____ () D:\WINDOWS\FaxSetup.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00206920 _____ () D:\WINDOWS\ocgen.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00197497 _____ () D:\WINDOWS\tsoc.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00144234 _____ () D:\WINDOWS\comsetup.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00132348 _____ () D:\WINDOWS\msmqinst.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00087315 _____ () D:\WINDOWS\ntdtcsetup.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00075810 _____ () D:\WINDOWS\netfxocm.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00029750 _____ () D:\WINDOWS\MedCtrOC.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00023940 _____ () D:\WINDOWS\ocmsn.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00021770 _____ () D:\WINDOWS\tabletoc.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00021630 _____ () D:\WINDOWS\msgsocm.log
2015-03-30 01:10 - 2013-02-17 16:28 - 00001374 _____ () D:\WINDOWS\imsins.log
2015-03-30 01:09 - 2013-02-17 16:28 - 00001374 _____ () D:\WINDOWS\imsins.BAK
2015-03-29 20:12 - 2005-05-11 03:00 - 119837696 _____ (Microsoft Corporation) D:\WINDOWS\system32\MRT.exe
2015-03-26 21:15 - 2013-08-23 20:26 - 01719930 _____ () D:\WINDOWS\setupapi.log.6.old
2015-03-24 00:13 - 2014-04-20 17:26 - 00778928 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2015-03-24 00:13 - 2014-04-20 17:26 - 00142512 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-03-19 00:29 - 2004-02-04 01:21 - 00001932 _____ () D:\Documents and Settings\Baltasar\My Documents\Default.rdp
2015-03-17 06:15 - 2014-03-05 02:09 - 00120024 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2012-11-17 11:07 - 00023256 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys
2015-03-08 17:54 - 2014-04-20 17:15 - 00000222 _____ () D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

1999-10-09 21:42 - 2003-12-13 14:25 - 0023357 ____N () D:\Program Files\folder.htt
2010-03-24 01:53 - 2010-06-09 03:03 - 0000193 _____ () D:\Documents and Settings\Administrator\Application Data\SamsungLiveUpdateConfig.ini

Files to move or delete:
====================
D:\Documents and Settings\Baltasar\DimdimSetup.exe


Some content of TEMP:
====================
D:\Documents and Settings\Baltasar\Local Settings\temp\_is1D.exe
D:\Documents and Settings\Baltasar\Local Settings\temp\Quarantine.exe
D:\Documents and Settings\Baltasar\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Administrator at 2015-04-06 10:18:46
Running from D:\Documents and Settings\Baltasar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
3D XML Player (HKLM\...\{E607E589-968B-4044-9B3E-C7DF88C2F6AA}) (Version: 12.13.12076 - Dassault Systemes)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
8x8 Pixel ROM Font Editor (HKLM\...\ST6UNST #1) (Version:  - )
A1 Sitemap Generator (HKLM\...\376C2738A0A743559D797242179B5394_is1) (Version: 1.6.6 - Micro-Sys ApS)
Acunetix Web Vulnerability Scanner 8.0 (HKLM\...\{DBD76811-6CF0-4A15-9436-B779C3A36929}_is1) (Version: 8.0 - Acunetix)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5 (HKLM\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
American Express Smart Card Reader Software (HKLM\...\{1619FE42-B1E9-458A-B7D0-97513E399C41}) (Version: 1.0.0 - )
Apache HTTP Server 2.0.59 (HKLM\...\{3A862C7D-0504-48BC-AEF8-7F7479C7C158}) (Version: 2.0.59 - Apache Software Foundation)
A-PDF INFO Changer 1.0 (HKLM\...\A-PDF INFO Changer_is1) (Version:  - A-PDF.com)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Aqua Deskperience (HKLM\...\{BE8578AF-FE12-4959-9C0D-7AB199E7C57D}) (Version: 1.5.3 - Deskperience)
Asterisk Key 10.0 (HKLM\...\asterisk key) (Version:  - )
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.17.17 - ASUSTeK Computer Inc.)
Atmel Software Framework (HKLM\...\{2D423733-FCBC-4E27-B026-D6D973C6496F}) (Version: 3.1.121 - Atmel)
Atmel Studio 6.0 (HKLM\...\{51CC3953-2D06-47FA-832A-B7FD24D01322}) (Version: 6.0.1843 - Atmel)
Atmel USB (HKLM\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.6 - Atmel)
AttributeMagic Pro (HKLM\...\AMPro) (Version:  - Elwinsoft)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AviSynth 2.5 (HKLM\...\AviSynth) (Version: 2.6.0 MT - )
AVR LCD Visualizer (HKLM\...\{075C20B8-A09B-41AB-9B06-5BA7E103910F}) (Version: 1.1.37 - Atmel)
AVR QTouch Studio (HKLM\...\{7BE9E558-BE53-4939-9565-A0BEA2F839D0}) (Version: 4.4.1 - Atmel)
AVR Studio 5.1 (HKLM\...\{D574D18C-9D52-4B4B-9647-AE6B89FD3F70}) (Version: 5.1.208 - Atmel)
AVRStudio4 (HKLM\...\{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}) (Version: 4.18.700 - Atmel)
AVRStudio4 (Version: 4.18.684 - Atmel) Hidden
Axialis IconWorkshop 6.0 (HKLM\...\IconWorkshop) (Version:  - )
AZUp (HKLM\...\{FBDBE1F0-AED1-496B-BCBA-7E2608D622FC}) (Version: 1.00.0000 - RTi)
Bayden UAPick (HKLM\...\UAPick) (Version:  - )
Bluesoleil 6.4.249.0 (HKLM\...\{C0A871F9-D580-4404-9A69-A02CF3078C87}) (Version: 6.4.249.0 - IVT Corporation)
Cartão de Cidadão (HKLM\...\{F4CA3BD0-FC66-4438-96AC-74275AB4C5A9}) (Version: 1.26.0.635.32 - Zetes)
Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
chip45boot2 GUI (HKLM\...\NIMDFDeployment.{30535677-635C-4B29-AA29-140FE50612C1}) (Version: 1.9.14 - chip45 GmbH & Co. KG)
chip45boot2 GUI (Version: 1.9.14 - chip45 GmbH & Co. KG) Hidden
Citrix XenCenter (HKLM\...\{59FA4194-D2C3-4D19-AF0D-BCE63C391B1D}) (Version: 6.2.0 - Citrix Systems, Inc.)
Citrix XenCenter (HKLM\...\{D4B5FFE6-2BAC-47E4-81C9-43AF14DFB039}) (Version: 6.2.2 - Citrix Systems, Inc.)
Citrix XenConvert (HKLM\...\{D8D6AEDF-4BB9-4355-9062-5FEDD12621DC}) (Version: 2.5.2918 - Citrix Systems, Inc.)
Code Composer Studio v4.2.4 Core Edition (HKLM\...\Code Composer Studio v4.2.4 Core Edition) (Version: 4.2.4 - Texas Instruments)
CoffeeCup Image Mapper (HKLM\...\CoffeeCup Image Mapper) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Crystal Reports 2008 (HKLM\...\{068857D8-FDD1-4F29-8F74-E9DE91E8A587}) (Version: 12.0.0.683 - Business Objects)
Crystal Reports 2008 Portuguese (Brazilian) Language Pack (HKLM\...\{B7C97DFE-2417-4EBA-8207-89380E93251B}) (Version: 12.0.0.683 - Business Objects)
CSV to vCard (HKLM\...\{B9DCBBD4-20F5-424B-9C56-FFF62BE71CD7}_is1) (Version:  - csvtovcard.com)
CuteFTP Pro 3.2 (HKLM\...\{B6E70EDD-6255-4DB7-9A43-F54D8462D987}) (Version:  - GlobalSCAPE Texas, LP.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
DBXpress (HKLM\...\{A600B935-50DC-476E-9432-95A13F416302}) (Version: 2.1.0 - Stephen L. Cochran, Ph.D.)
Debug Server (HKLM\...\4F9A85D9-5F0E-E538-D71C-621DF59F81FA) (Version: 4.0 - Texas Instruments)
Debugging Tools for Windows (x86) (HKLM\...\{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}) (Version: 6.11.1.402 - Microsoft Corporation)
DesignSpark PCB (Version: 3.0 - RS Components) Hidden
DesignSpark PCB Version 3.0 (HKLM\...\InstallShield_{D50300AA-D25A-463B-98BF-E09585325711}) (Version: 3.0 - RS Components)
Device Emulator 2.0 Preview (HKLM\...\{039CDAA8-A4F2-473A-950B-4373FB2674D9}) (Version: 2.0.0 - Microsoft)
DfontSplitter 0.2 (HKLM\...\{19B98EFB-9493-4651-96DD-A6768A5024E3}_is1) (Version:  - Peter Upfold)
Direct Show Ogg Vorbis Filter (remove only) (HKLM\...\OggDS) (Version:  - )
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.5.1 - DivX, Inc.)
DraftSight (HKLM\...\{4E368382-C6DF-4D2C-BB63-58987F6F808F}) (Version: 8.3.119 - Dassault Systemes)
DrumSounds (HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\da59fc30a14bc17c) (Version: 1.0.0.1 - DrumSounds)
Dual-Core Optimizer (HKLM\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dundas Software Free Products Documentation (HKLM\...\Dundas Software Free Products Documentation) (Version:  - )
Dundas Upload Control (HKLM\...\Dundas Upload Control) (Version:  - )
DVDStyler v2.4.3 (HKLM\...\DVDStyler_is1) (Version:  - )
E.M. PowerPoint Video Converter 2.90 (HKLM\...\E.M. PowerPoint Video Converter_is1) (Version:  - EffectMatrix, Inc.)
EAGLE 5.10.0 (HKLM\...\EAGLE 5.10.0) (Version: 5.10.0 - CadSoft Computer GmbH)
EAGLE 5.6.0 (HKLM\...\EAGLE 5.6.0) (Version: 5.6.0 - CadSoft Computer GmbH)
EaseUS Partition Master 9.1.1 Home Edition (HKLM\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
Easy GIF Animator 5.3 (HKLM\...\Easy GIF Animator_is1) (Version: Easy GIF Animator 5.0 - Karlis Blumentals)
emulare 1.7 (HKLM\...\emulare_1_7) (Version:  - )
Emulator Images for Windows Mobile 5.0 with MSFP (HKLM\...\{907A5FE4-2A3B-4BAA-B992-C07F06C32EF9}) (Version: 1.0.2.0 - Microsoft Coproration)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Ethereal 0.99.0 (HKLM\...\Ethereal) (Version: 0.99.0 - The Ethereal developer community, http://www.ethereal.com)
FileZilla (remove only) (HKLM\...\FileZilla) (Version:  - )
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
FileZilla Server (remove only) (HKLM\...\FileZilla Server) (Version:  - )
Flac2CD 4.1.1 (HKLM\...\Flac2CD_is1) (Version:  - SoftRM)
Flash Decompiler Trillix (HKLM\...\Flash Decompiler Trillix_is1) (Version: 4.1 - Eltima Software)
Flip 3.4.5 (HKLM\...\flip.exe) (Version: 3.4.5 - Atmel)
FMS (HKLM\...\FMS) (Version:  - )
FTDI USB Serial Converter Drivers (HKLM\...\FTDICOMM) (Version: 2.00.00 - FTDI Ltd)
FW LiveUpdate (HKLM\...\{159BC833-0C48-482C-94C4-2DAC8886B142}) (Version: 3.0.1.2 - TSST Korea)
FW LiveUpdate (HKLM\...\{D82016D1-B72E-4EDC-B852-1E3F3FF50536}) (Version: 1.2.0.2 - SAMSUNG)
GemPC433 (HKLM\...\{3B37905C-F3CA-444B-99E4-111655682E4B}) (Version: 1.0.0 - Gemplus)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Git version 1.7.6-preview20110708 (HKLM\...\Git_is1) (Version: 1.7.6-preview20110708 - )
GLCD Font Creator (remove only) (HKLM\...\GLCD Font Creator) (Version:  - mikroElektronika)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
GSiteCrawler (HKLM\...\GSiteCrawler) (Version: v1.23 - SOFTplus Entwicklungen GmbH, CH-6340 Baar)
GSpot Codec Information Appliance (HKLM\...\GSpot) (Version:  - )
GTK+ 2.10.13 runtime environment (HKLM\...\WinGTK-2_is1) (Version:  - Tor Lillqvist)
GTK2-Runtime (HKLM\...\GTK2-Runtime) (Version: 2.16.6-2010-05-12-ash - Alexander Shaduri)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HOT ALBUM MYBOX (HKLM\...\InstallShield_{7599B516-83D2-4B41-8DC0-25FA4ADC112F}) (Version: 3.1.8.9 - PLANNING Co., Ltd.)
HOT ALBUM MYBOX (Version: 3.1.8.9 - PLANNING Co., Ltd.) Hidden
hp deskjet 970c series (HKLM\...\hp deskjet 970c series_Driver) (Version:  - )
hp deskjet 970c series (Remove only) (HKLM\...\hp deskjet 970c series) (Version:  - )
HP USB Disk Storage Format Tool (HKLM\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.1.0.001 - HTC Corporation)
HUAWEI FMC UnLock (HKLM\...\{1F8C3E2C-7829-4EB8-92A7-6F8151F61763}) (Version: 1.00.0000 - Huawei technologies)
Icon Editor 2.5.0.0 (HKLM\...\Icon Editor_is1) (Version:  - SoftwareClub.ws)
IconEdit Pro V7.03 (HKLM\...\{92D1B441-A18F-44B9-8F9A-4DE3F4CFFE7A}) (Version: 7.0.3.0 - Hagen Wieshofer)
ID Keeper (HKLM\...\{8257F023-B4D3-44DE-B58D-F5A68C513BC8}) (Version: 2.2 - )
ImageMagick 6.7.3-5 Q8 (2011-12-01) (HKLM\...\ImageMagick 6.7.3 Q8_is1) (Version: 6.7.3 - ImageMagick Studio LLC)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Infinity USB 1.60 (HKLM\...\Infinity USB_is1) (Version:  - WB Electronics ApS)
Inkscape 0.91pre2 (HKLM\...\Inkscape) (Version: 0.91pre2 - )
IsoBuster 1.6 (HKLM\...\IsoBuster_is1) (Version: 1.6 - Smart Projects)
IsoTools (HKLM\...\{E53520BA-ECDA-42A6-8971-E96CBDD8523D}) (Version: 1.34.34.0 - 3K3Y Team)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java DB 10.5.3.0 (HKLM\...\{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}) (Version: 10.5.3.0 - Sun Microsystems, Inc)
Java SE Development Kit 7 Update 17 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
JavaFX 2.0.3 (HKLM\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
JLink OB CDC Driver Package (HKLM\...\{803F609F-0EE2-4150-838E-4E47FCC8EAA9}) (Version: 1.2.1 - SEGGER)
jv16 PowerTools 2012 (HKLM\...\jv16 PowerTools 2011) (Version:  - Macecraft Software)
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Khazama AVR Programmer (HKLM\...\{3A3B1409-609A-4CDC-8A60-08228B00F005}) (Version: 1.5.0000 - khazama.com)
KiCad 2009.02.16 (HKLM\...\KiCad) (Version: 2009.02.16 - )
Klever PumpKIN 2.7.3 (HKLM\...\PumpKIN) (Version: 2.7.3 - Klever Group)
K-Lite Codec Pack 10.7.6 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.7.6 - )
Korean Fonts Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5670-0000-800000000003}) (Version: 8.0.0 - Adobe Systems)
Korean Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5670-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Lcd Express v2.1 (HKLM\...\Lcd Express_is1) (Version:  - VEGA-XP)
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 1.0 - LG Electronics)
LG_MobileSync (HKLM\...\{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}) (Version: 1.00.0000 - LGE GSM PC Sync)
LG_MobileSync (Version: 1.00.0000 - LGE GSM PC Sync) Hidden
LightScribe Diagnostic Utility (HKLM\...\{7419582C-1E2E-4848-88F6-9FF638D9EA87}) (Version: 1.18.24.1 - LightScribe)
Lightscribe Extended Label Contrast Utility (HKLM\...\{5F5AC805-11C7-4B84-80F5-E42F8470271A}) (Version: 1.4.124.1 - http://www.lightscribe.com)
LightScribe System Software (HKLM\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe)
LightScribe Template Labeler (HKLM\...\{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}) (Version: 1.18.5.1 - LightScribe)
Logitech MouseWare 9.79.1  (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
Macromedia FreeHand MXa (HKLM\...\{939740B5-0064-4779-854A-8C1086181C05}) (Version: 11.0.2 - Macromedia)
MagicDisc 2.7.105 (HKLM\...\MagicDisc 2.7.105) (Version:  - )
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MediaInfo 0.7.67 (HKLM\...\MediaInfo) (Version: 0.7.67 - MediaArea.net)
Medieval CUE Splitter (HKLM\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Device Emulator version 1.0 - ENU (HKLM\...\{78B75C6D-E53C-424C-BF83-4B63BD4A6682}) (Version: 1.0.50727.42 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2003 Proofing Tools (HKLM\...\{901F0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Journal Viewer (HKLM\...\{43DCF766-6838-4F9A-8C91-D92DA586DFA7}) (Version: 1.5.2315.3 - Microsoft)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Microsoft XML Parser and SDK (HKLM\...\{3E908702-AF35-4611-9518-955DA24B7E07}) (Version: 4.10.9406.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
mkv2vob (HKLM\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.7 - 3r1c)
MoboRobo 3.0.0.272 (HKLM\...\{02B934E4-C574-4605-842B-01CD16295185}_is1) (Version: 3.0.0.272 - MoboRobo Inc.)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
MSP-FET430PIF Driver (HKLM\...\6A77593C-376F-40DB-8D0C-1D1438DE9BAC) (Version: 1.0.0.1 - Texas Instruments Inc.)
MSVC80_Runtime (HKLM\...\{5E81B080-4629-4EC3-AA90-538394122120}) (Version: 1.0.0.0 - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MultiCAS-Edit (HKLM\...\{A03CCDAD-BE4B-4D06-BE0F-DE30893EEC28}) (Version: 1.5 - telesat®)
My Vapor Record 1.3 (HKLM\...\My Vapor Record 1.3) (Version:  - )
My Vapor Record 1.4 (HKLM\...\My Vapor Record 1.4) (Version:  - )
MySQL Control Center (HKLM\...\{7EFDA3AC-8A61-43C0-B023-33866829C816}) (Version: 0.9.4 - MySQL AB)
MySQL Servers and Clients 4.0.18 (HKLM\...\MySQL Servers and Clients 4.0.18) (Version:  - )
Nmap 6.47 (HKLM\...\Nmap) (Version:  - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12561 - NVIDIA Corporation)
OpenOCD (HKLM\...\{4ACC5799-4DF7-480E-9D2E-551C2B5CAF1B}) (Version: 0.4.0.0 - OpenOCD)
OpenOffice.org 3.2 (HKLM\...\{6ADD0603-16EF-400D-9F9E-486432835002}) (Version: 3.2.9483 - OpenOffice.org)
OpenSSL 1.0.1c Light (32-bit) (HKLM\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
OpenVPN 2.3.6-I001  (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - )
Oracle VM VirtualBox 4.2.6 (HKLM\...\{8FDEDFA3-C1F2-4A8D-8727-7759D4C433E4}) (Version: 4.2.6 - Oracle Corporation)
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.19b - )
PCEditor 1.2.60 (HKLM\...\"DGStation PCEditor by JonDoe"_is1) (Version:  - Based on DGStation PCEditor 1.0 by JonDoe)
PDF Password Remover v2.1 (HKLM\...\PDF Password Remover v2.1_is1) (Version:  - verypdf.com Inc)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF2Text Pilot (HKLM\...\{DE2ABDC9-5171-453B-B6FB-892D4981A24D}) (Version: 1.0.0.0 - Two Pilots)
Pdfedit (HKLM\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
pdfsam (HKLM\...\pdfsam) (Version: 2.2.1 - )
Photo Loader 2.1E (HKLM\...\{70B45586-B51E-4947-A258-A895596C5CED}) (Version:  - )
PHP LockIt! (HKLM\...\{8B0F9BB8-4FE0-4A62-8136-FD9700E0F262}) (Version: 1.8.10 - Z-Host)
poEdit 1.2.3 (HKLM\...\poEdit_is1) (Version:  - )
PonyProg2000 v2.06c (HKLM\...\PonyProg2000_is1) (Version: 2.06c - LancOS)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PSAS (HKLM\...\PSAS) (Version:  - )
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Resource Hacker Version 3.6.0 (HKLM\...\ResourceHacker_is1) (Version:  - )
Riva FLV Encoder 2.0 (HKLM\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner)
R-Mail for Outlook Express 1.5 (HKLM\...\R-Mail for Outlook Express_is1) (Version:  - R-tools technology Inc.)
Roxio CinePlayer (HKLM\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.6 - Roxio)
Roxio Creator 2011 Pro (HKLM\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
Roxio PhotoShow (HKLM\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
R-Studio 5.4 (HKLM\...\R-Studio 5.4NSIS) (Version: 5.4.134120 - R-Tools Technology Inc.)
ScanSoft OmniPage 16 (HKLM\...\{CDEB0E46-1FCA-4398-875C-93410209937D}) (Version: 16.0.0000 - Nuance Communications, Inc.)
SCE File System Driver v1.8.0.17 (HKLM\...\{0795A963-D580-49CC-94EE-73619AAE47E7}) (Version: 1.8.0.17 - Sony Computer Entertainment Inc.)
SCE ProDG Debugger Documentation for PlayStation®3 v420.1.0 (HKLM\...\{D7BF9F65-76E8-44BA-948A-875863CF3144}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
SCE ProDG Debugger for PlayStation®3 v420.1.0 (HKLM\...\{6C8B2A8A-50E7-4D9F-80E7-94CBD6148FBB}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
SCE ProDG Target Manager Documentation for PlayStation®3 v420.1.0 (HKLM\...\{6DDB0863-803D-4814-A39F-E395A5D4EE34}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
SCE ProDG Target Manager for PlayStation®3 v420.1.0 (HKLM\...\{149E5890-9C43-4E68-92A3-5516705D1CAD}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
Screaming Frog SEO Spider (HKLM\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
SharpReader 0.9.7.0 (HKLM\...\SharpReader_is1) (Version:  - Luke Hutteman)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM\...\{867732A3-C8AC-497B-9A7C-8D0B0892C0D1}) (Version: 6.5 - Silicon Laboratories, Inc.)
sitemap.xml.gz Generator for use with Google (HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\sitemap.xml.gz Generator for use with Google) (Version:  - Web Design Pros)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartPropoPlus (HKLM\...\SmartPropoPlus) (Version: 0.3.3.4 - SmartPropoPlus)
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.7 - SmartSound Software Inc.) Hidden
SN Systems SN Launcher v1.0.7.1 (HKLM\...\{C72CA33A-AA67-4CB8-BD94-E2ABDED81173}) (Version: 1.0.7.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
software tmn (HKLM\...\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}) (Version: 1.00.0000 - Huawei technologies)
software tmn (HKLM\...\software tmn) (Version: 11.300.05.01.84 - Huawei Technologies Co.,Ltd)
SonicStage  (HKLM\...\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}) (Version:  - )
Sonne Flash Decompiler 5.2.1.2237 (HKLM\...\Sonne Flash Decompiler_is1) (Version:  - Sonne Software Solution Ltd.)
Sothink FLV Converter (HKLM\...\Sothink FLV Converter_is1) (Version:  - )
Sothink FLV Player (HKLM\...\{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1) (Version: 2.3 - SourceTec Software Co., LTD)
Sothink SWF Converter (HKLM\...\{9501CD08-4582-47A3-92BD-3E7FAF9F343C}_is1) (Version: 1.0 - SourceTec Software Co., LTD)
Sothink SWF Decompiler (HKLM\...\{87ECFEA1-7882-4FC7-A2E2-2AC0CC262EBC}) (Version:  - )
Sothink SWF Decompiler (HKLM\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 6.3.5 - SourceTec Software Co., LTD)
Sothink SWF Easy (HKLM\...\{C8F4800F-52F4-4115-BE64-FF1C23604E86}_is1) (Version: 6.2 - SourceTec Software Co., LTD)
Sothink SWF Editor version 1.0 (HKLM\...\{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1) (Version: 1.0 - So Think, Inc.)
Sothink SWF Quicker (HKLM\...\{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1) (Version: 5.1 - SourceTec Software Co., LTD)
Sothink SWF to Video Converter (HKLM\...\{1C63AA59-66B2-418C-BDF5-53A534DA5690}_is1) (Version: 2.4 - SourceTec Software Co., LTD)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.6110 - Analog Devices)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
SQLitePlus 7 Database Explorer (HKLM\...\SQLitePlus 7 Database Explorer_is1) (Version:  - EzTools Software)
Stellar Phoenix Windows Data Recovery V4.1 (HKLM\...\Stellar Phoenix Windows Data Recovery_is1) (Version:  - Stellar Information Systems Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.45.1000 - SUPERAntiSpyware.com)
SWF & FLV Toolbox 3.5 (build 3.5.20.286) (HKLM\...\SWF & FLV Toolbox_is1) (Version: 3.5.20.286 - Eltima Software)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Tftpd32 Standalone Edition (remove only) (HKLM\...\Tftpd32) (Version:  - )
TortoiseGit 1.7.8.0 (32 bit) (HKLM\...\{36B91B60-EDB1-4F6F-A764-4B805A8E6E5D}) (Version: 1.7.8.0 - TortoiseGit)
Trillian (HKLM\...\Trillian) (Version:  - Cerulean Studios, LLC)
TuxVision (HKLM\...\{05F0C917-2EDA-497A-A023-40411E75E58E}) (Version: 0.0.3.0 - )
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
U3Launcher (HKLM\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
UFRaw 0.18 (HKLM\...\UFRaw_is1) (Version:  - Udi Fuchs)
Ultra Flash Video FLV Converter 5.2.0603 (HKLM\...\Ultra Flash Video FLV Converter_is1) (Version:  - Aone Software)
Ultra Librarian (HKLM\...\Product_Name) (Version:  - )
Universal Media Server (HKLM\...\Universal Media Server) (Version: 5.1.1 - Universal Media Server)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
USB CASIO Digital Camera (HKLM\...\{0FE6C844-4243-4F5B-BC5B-E8B4C3450946}) (Version:  - )
UUD32Win V2.58 (HKLM\...\UUD32Win_is1) (Version: 2.58 - Mark Spankus)
VanDyke Software SecureCRT 6.2 (HKLM\...\{7AD89AAA-31DB-44F6-9440-24F0761E4B72}) (Version: 6.2.0 - VanDyke Software, Inc.)
VB Runtime (HKLM\...\VB Runtime) (Version:  - )
version 2.0.0 (HKLM\...\ADShareit.com Video2SWF Converter Pro_is1) (Version:  - )
Viewplot (HKLM\...\Viewplot) (Version:  - )
VistaScan (HKLM\...\{FBFAAFB3-4773-495B-B030-00ABC17A01DC}) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
vtf (HKLM\...\Wondershare Video To Flash Encoder(Build 1.6.5.1)_is1) (Version:  - Wondershare Software)
WBFS Manager 3.0 (HKLM\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Wii Air Guitat (HKLM\...\{97F9BF9D-CCFC-4AC1-BBA3-8CEB939155CE}) (Version: 0.1 - www.thisisnotalabel.com)
Wii Play the Drums (HKLM\...\{45833D08-FB60-47EE-86DC-868EC31ADB50}) (Version: 0.8 - thisisnotalabel.com)
Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinAVR 20100110 (remove only) (HKLM\...\WinAVR-20100110) (Version: 20100110 - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0) (HKLM\...\53F13DB4D9611FD63BE580F06F0729BF236ABE68) (Version: 05/27/2006 1.3.2.0 - Advanced Micro Devices)
Windows Driver Package - AMD System  (04/06/2006 1.0.1.0) (HKLM\...\F3B506E1FDAEA4DC6669B53B2D3F0B68FBA20C2D) (Version: 04/06/2006 1.0.1.0 - AMD)
Windows Driver Package - Broadcom Bluetooth  (05/20/2009 6.2.0.9000) (HKLM\...\EE186469FB2820D1236ED54A11C5D46A5652AB40) (Version: 05/20/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (05/30/2009 6.2.0.9000) (HKLM\...\26F0442CA61BAB74F0B3387F823DF6E3A9A60430) (Version: 05/30/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (01/21/2009 6.2.0.7500) (HKLM\...\55B6E70977B195AA29596FA82AB633F8637BCF28) (Version: 01/21/2009 6.2.0.7500 - Broadcom)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3B093C44CA19A7D5324F4A3CEB666DD4EBB257D6) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\5AB23CC5A2E8D3A0AA129214C6F9CE8D7F4874B9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Driver Package - libusb-win32 Digispark Bootloader (01/17/2012 1.2.6.0) (HKLM\...\BB397D9B032B585B30B619E3C501166D1E8ECF0D) (Version: 01/17/2012 1.2.6.0 - libusb-win32)
Windows Driver Package - libusb-win32 DigiUSB (01/17/2012 1.2.6.0) (HKLM\...\1FA3CC98DE949D498907A695D0D5A0C329344DE8) (Version: 01/17/2012 1.2.6.0 - libusb-win32)
Windows Driver Package - Segger (jlink) USB  (01/09/2007 2.6.5.0) (HKLM\...\ABA711DD50380EF91CB183F7CCDF6FFF13A3A738) (Version: 01/09/2007 2.6.5.0 - Segger)
Windows Driver Package - Segger (jlink_ob) USB  (03/13/2012 2.6.6.2) (HKLM\...\6D4C34D12E9233ABADF9D04ADF9E288A7ECF3B5B) (Version: 03/13/2012 2.6.6.2 - Segger)
Windows Driver Package - SEGGER (usbser) Ports  (01/25/2012 6.0.2600.4) (HKLM\...\BD6BF8BBF7BE0D0091163F649A1A423B7EB9D4F1) (Version: 01/25/2012 6.0.2600.4 - SEGGER)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Connect (HKLM\...\Windows Media Connect) (Version:  - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.95 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}) (Version: 5.2.95 - Microsoft)
Windows Support Tools (HKLM\...\{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}) (Version: 5.1.2600.5512 - Microsoft Corporation)
Windows XP Uninstall (HKLM\...\Windows) (Version:  - )
WinHex (HKLM\...\WinHex) (Version:  - )
WinISO (HKLM\...\WinISO) (Version: 6.3.0.4770 - WinISO Computing Inc.)
WinMerge 2.12.4 (HKLM\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 5.5.6 (HKLM\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
Wireshark 1.10.11 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.11 - The Wireshark developer community, http://www.wireshark.org)
WMI Tools (HKLM\...\{25A13826-8E4A-4FBF-AD2B-776447FE9646}) (Version: 1.50.1131.0001 - Microsoft Corporation)
ZON NET Mobile (HKLM\...\ZON NET Mobile) (Version: 11.302.09.01.548 - Huawei Technologies Co.,Ltd)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> D:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{13FE2FA1-EE8B-45B9-BBB4-08E5F2F43AC3}\InprocServer32 -> D:\Program Files\Deskperience\Aqua\TCaptureX.dll (Deskperience)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{4652E117-CDF0-4B10-B3C9-4FE74FD0FA5B}\InprocServer32 -> D:\Program Files\Deskperience\Aqua\TCaptureX.dll (Deskperience)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{924699E8-66EF-4EB9-AB6E-3CA9660B31EC}\InprocServer32 -> D:\Program Files\Deskperience\Aqua\TCaptureX.dll (Deskperience)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{9C796258-A0CA-4fe4-A559-609B91520388}\localserver32 -> D:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe (GlobalSCAPE Texas, LP.)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{AD58B105-E00C-4F3F-81A5-54F741853E5C}\InprocServer32 -> D:\Program Files\Deskperience\Aqua\TCaptureX.dll (Deskperience)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{B13501DF-12B3-4A6A-9A5B-8FA1EBCF8699}\InprocServer32 -> D:\Program Files\Deskperience\Aqua\TCaptureX.dll (Deskperience)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> D:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1214440339-842925246-854245398-1003_Classes\CLSID\{BF616448-1D65-4559-9293-0F6B607BA892}\InprocServer32 -> D:\Program Files\Deskperience\Aqua\TCaptureX.dll (Deskperience)

==================== Restore Points  =========================

26-03-2015 23:55:52 System Checkpoint
28-03-2015 00:11:52 System Checkpoint
29-03-2015 01:11:48 System Checkpoint
29-03-2015 20:11:40 Software Distribution Service 3.0
30-03-2015 00:19:32 Software Distribution Service 3.0
30-03-2015 01:08:49 Software Distribution Service 3.0
31-03-2015 04:14:00 System Checkpoint
01-04-2015 05:00:13 System Checkpoint
02-04-2015 05:12:18 System Checkpoint
03-04-2015 22:15:11 Driver Booster : Logitech USB Cordless Mouse
04-04-2015 00:23:17 Restore Operation
05-04-2015 00:50:11 System Checkpoint
05-04-2015 18:23:21 Installed Ozone Blade Keyboard
05-04-2015 18:23:28 Installed Ozone Blade Keyboard
05-04-2015 18:27:59 Removed Ozone Blade Keyboard
05-04-2015 19:11:39 Installed Easy Smart Configuration Utility
05-04-2015 19:24:45 Removed Easy Smart Configuration Utility

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 11:00 - 2015-04-06 02:50 - 00004730 ____A D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 63 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\WINDOWS\Tasks\User_Feed_Synchronization-{782B517D-29DC-4A31-BB1F-A478DEF790CA}.job => D:\WINDOWS\system32\msfeedssync.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => D:\WINDOWS\system32\xp_eos.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => D:\WINDOWS\system32\xp_eos.exe
Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2009-02-27 16:41 - 2009-02-27 16:41 - 00122976 ____N () D:\WINDOWS\system32\BsMobileSDK.dll
2009-02-27 16:41 - 2009-02-27 16:41 - 00098403 ____N () D:\WINDOWS\system32\Bs2Res.dll
2006-11-26 19:25 - 2009-11-05 08:39 - 00087552 ____N () D:\WINDOWS\system32\cpwmon2k.dll
2005-01-15 02:30 - 2002-07-17 14:56 - 00028672 ____N () D:\WINDOWS\system32\mwf_mon.dll
2014-09-16 09:46 - 2015-03-30 08:02 - 00019216 _____ () D:\WINDOWS\System32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2007-03-01 14:49 - 2007-02-28 21:49 - 00028672 _____ () F:\SitesDevelop\php\php4apache2.dll
2008-09-29 21:33 - 2008-09-27 14:37 - 00110592 _____ () F:\SitesDevelop\php\extensions\eaccelerator.dll
2007-02-28 21:49 - 2007-02-28 21:49 - 01536000 _____ () F:\SitesDevelop\php\extensions\php_mbstring.dll
2007-02-28 21:49 - 2007-02-28 21:49 - 00667648 _____ () F:\SitesDevelop\php\extensions\php_domxml.dll
2007-02-28 21:49 - 2007-02-28 21:49 - 00802816 _____ () F:\SitesDevelop\php\extensions\php_gd2.dll
2007-02-28 21:49 - 2007-02-28 21:49 - 00040960 _____ () F:\SitesDevelop\php\extensions\php_gettext.dll
2007-02-28 21:49 - 2007-02-28 21:49 - 00032768 _____ () F:\SitesDevelop\php\extensions\php_xslt.dll
2004-02-28 23:21 - 2003-11-03 00:00 - 00385024 ____N () D:\WINDOWS\system32\sablot.dll
2004-02-28 23:22 - 2003-11-03 00:00 - 00135168 ____N () D:\WINDOWS\system32\expat.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2009-02-27 17:04 - 2009-02-27 17:04 - 00850432 _____ () D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
2009-02-27 16:43 - 2009-02-27 16:43 - 00110712 _____ () D:\Program Files\IVT Corporation\BlueSoleil\setup.dll
2008-04-14 12:00 - 2008-04-14 12:00 - 00015360 ____N () D:\WINDOWS\system32\tsd32.dll
2009-02-27 16:40 - 2009-02-27 16:40 - 00143467 _____ () D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
2008-12-26 16:44 - 2008-12-26 16:44 - 00237568 _____ () D:\Program Files\IVT Corporation\BlueSoleil\Mobile\BaseLib.dll
2008-12-26 16:45 - 2008-12-26 16:45 - 00061440 _____ () D:\Program Files\IVT Corporation\BlueSoleil\Mobile\ExtraLib.dll
2003-05-01 17:23 - 2003-05-01 17:23 - 00041472 _____ () D:\Program Files\IVT Corporation\BlueSoleil\Mobile\cscvt.dll
2009-02-27 16:40 - 2009-02-27 16:40 - 00028672 ____N () D:\WINDOWS\system32\BsMobileCSps.dll
2014-09-24 16:48 - 2014-12-10 10:57 - 00113448 _____ () D:\Program Files\MoboRobo\MoboroboDeviceService.exe
2014-09-24 16:48 - 2014-12-10 10:58 - 00973168 _____ () D:\Program Files\MoboRobo\DriverInstall.dll
2004-02-28 17:33 - 2004-02-11 01:57 - 02265088 _____ () F:\SitesDevelop\mysql\bin\mysqld-nt.exe
2009-02-27 16:42 - 2009-02-27 16:42 - 00098407 _____ () D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
2008-04-14 12:00 - 2013-01-02 06:49 - 01292288 _____ () D:\WINDOWS\system32\quartz.dll
2008-04-14 12:00 - 2008-04-14 12:00 - 00059904 ____N () D:\WINDOWS\system32\devenum.dll
2008-04-14 12:00 - 2008-04-14 12:00 - 00014336 ____N () D:\WINDOWS\system32\msdmo.dll
2013-02-28 13:12 - 2013-03-08 10:23 - 02641920 _____ () D:\Program Files\TSST Korea\FW LiveUpdate\LiveUpdate.dat
2008-09-12 17:29 - 2008-09-12 17:29 - 00131072 _____ () D:\Program Files\Cartão de Cidadão\imageformats\qjpeg1.dll
2008-09-12 17:29 - 2008-09-12 17:29 - 00278528 _____ () D:\Program Files\Cartão de Cidadão\imageformats\qtjp22.dll
2009-02-27 17:04 - 2009-02-27 17:04 - 00278016 _____ () D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
2008-03-07 13:54 - 2008-03-07 13:54 - 17907824 ____N () D:\WINDOWS\system32\BsLangInDepRes.dll
2009-02-27 16:44 - 2009-02-27 16:44 - 00053248 ____N () D:\WINDOWS\system32\HtmPrintHelper.dll
2010-06-30 09:10 - 2010-06-30 09:10 - 00477680 _____ () D:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
2010-08-25 12:27 - 2010-08-25 12:27 - 00084464 _____ () D:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe
2011-06-17 11:46 - 2011-06-17 11:46 - 02408448 _____ () D:\Program Files\Common Files\LightScribe\QtCore4.dll
2011-06-17 11:46 - 2011-06-17 11:46 - 08626176 _____ () D:\Program Files\Common Files\LightScribe\QtGui4.dll
2011-06-17 11:46 - 2011-06-17 11:46 - 00212992 _____ () D:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2007-10-23 09:45 - 2007-10-23 09:45 - 01336632 _____ () D:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
2004-02-28 17:33 - 2004-02-11 01:58 - 00249856 _____ () F:\SitesDevelop\mysql\bin\LIBMYSQL.dll
2012-04-01 01:33 - 2012-04-01 01:33 - 00071864 _____ () D:\Program Files\TortoiseGit\bin\zlib132.dll
2012-04-01 01:33 - 2012-04-01 01:33 - 00232120 _____ () D:\Program Files\TortoiseGit\bin\libgit232.dll
2014-03-28 10:35 - 2014-03-28 10:35 - 00093696 _____ () K:\Program Files\FileZilla\fzshellext.dll
2009-02-27 16:44 - 2009-02-27 16:44 - 00622693 ____N () D:\WINDOWS\system32\BsShell.dll
2010-07-04 22:32 - 2010-07-04 22:32 - 00010752 _____ () D:\Program Files\Unlocker\UnlockerCOM.dll
2003-10-18 22:37 - 2010-03-15 11:28 - 00141824 _____ () D:\Program Files\WinRAR\rarext.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () D:\Program Files\Notepad++\NppShell_05.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1214440339-842925246-854245398-1003\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1214440339-842925246-854245398-500\Control Panel\Desktop\\Wallpaper -> D:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.0.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1214440339-842925246-854245398-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1214440339-842925246-854245398-1006 - Limited - Enabled)
Baltasar (S-1-5-21-1214440339-842925246-854245398-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Baltasar
Guest (S-1-5-21-1214440339-842925246-854245398-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1214440339-842925246-854245398-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1214440339-842925246-854245398-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2015 10:17:25 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/06/2015 10:17:25 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> Warning: DocumentRoot [F:/SitesDevelop/rcconstrucoes_backoffice/httpdocs] does not exist     .

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> Warning: DocumentRoot [F:/SitesDevelop/lanuce_frontoffice/wms] does not exist     .

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> Warning: DocumentRoot [F:/SitesDevelop/mds-cat_frontoffice/httpdocs] does not exist     .

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> Warning: DocumentRoot [F:/SitesDevelop/mds-cat_backoffice/httpdocs] does not exist     .

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> Warning: DocumentRoot [F:/SitesDevelop/beta_backoffice/httpdocs] does not exist     .

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> Warning: DocumentRoot [F:/SitesDevelop/mds/httpdocs] does not exist     .

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> Warning: DocumentRoot [F:/SitesDevelop/selenova_backoffice/httpdocs] does not exist     .

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> Warning: DocumentRoot [F:/SitesDevelop/lissa_backoffice/httpdocs] does not exist     .


System errors:
=============
Error: (04/06/2015 10:06:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BOT4Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2015 09:59:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%1068

Error: (04/06/2015 09:59:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Error: (04/06/2015 09:56:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%1068

Error: (04/06/2015 09:56:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Error: (04/06/2015 09:56:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (04/06/2015 09:56:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (04/06/2015 09:56:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

Error: (04/06/2015 09:52:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/06/2015 09:52:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SCE File System Driver service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/06/2015 10:17:25 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/06/2015 10:17:25 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>Warning: DocumentRoot [F:/SitesDevelop/rcconstrucoes_backoffice/httpdocs] does not exist

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>Warning: DocumentRoot [F:/SitesDevelop/lanuce_frontoffice/wms] does not exist

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>Warning: DocumentRoot [F:/SitesDevelop/mds-cat_frontoffice/httpdocs] does not exist

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>Warning: DocumentRoot [F:/SitesDevelop/mds-cat_backoffice/httpdocs] does not exist

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>Warning: DocumentRoot [F:/SitesDevelop/beta_backoffice/httpdocs] does not exist

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>Warning: DocumentRoot [F:/SitesDevelop/mds/httpdocs] does not exist

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>Warning: DocumentRoot [F:/SitesDevelop/selenova_backoffice/httpdocs] does not exist

Error: (04/06/2015 09:55:03 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>Warning: DocumentRoot [F:/SitesDevelop/lissa_backoffice/httpdocs] does not exist


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+
Percentage of memory in use: 34%
Total physical RAM: 3038.48 MB
Available physical RAM: 1992.45 MB
Total Pagefile: 4919.48 MB
Available Pagefile: 3757.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.45 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:9.99 GB) (Free:1.62 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive d: (WINDOWS) (Fixed) (Total:199.96 GB) (Free:42.69 GB) FAT32
Drive e: (NET&GAMES) (Fixed) (Total:255.69 GB) (Free:13.94 GB) FAT32
Drive f: (MOVIES) (Fixed) (Total:245.95 GB) (Free:195.33 GB) FAT32
Drive g: (SWISNIFE1) (Fixed) (Total:233.76 GB) (Free:15.48 GB) NTFS
Drive k: (PROGRAMS) (Fixed) (Total:26.05 GB) (Free:6.38 GB) NTFS
Drive l: (GRAPHIC PROGRAMS) (Fixed) (Total:26.04 GB) (Free:8.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233.8 GB) (Disk ID: 921B50CC)
Partition 1: (Not Active) - (Size=233.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: E2C17D3B)
Partition 1: (Active) - (Size=10 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=455.8 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 00A300A4)
Partition 1: (Active) - (Size=26 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=272 GB) - (Type=OF Extended)

==================== End Of Log ============================


Edited by Balta, 06 April 2015 - 04:38 AM.


#4 satchfan

satchfan

  • Malware Response Team
  • 2,792 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:07:12 PM

Posted 06 April 2015 - 06:23 AM

Are you sure there isn't a JRT.txt log on your desktop? If not, can you try running it again?

 

Sorry, won't be able to reply for a few hours as I have to go out, (Bank Holiday here).

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 Balta

Balta
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 06 April 2015 - 07:05 AM

Yes, no log file on the desktop, unless it saves it elsewhere.

 

Anyway, I did further tests and if I "run as" Administrator it works, but after it finishes I get some strange desktop and lose almost all of my user options; it looks like it goes on as if I were logged in as user Administrator instead of the normal one, and then only a reboot puts everything back to normal.

This is the log I get running the tool like that:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.2 (04.06.2015:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Mon 04/06/2015 at 10:49:44.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/06/2015 at 11:03:15.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 satchfan


Posted 06 April 2015 - 07:55 AM

Did you set this:

 

ProxyServer: [.DEFAULT] => 127.0.0.1:8088
 




#7 Balta


Posted 06 April 2015 - 08:15 AM

No, and in the browsers the proxy configuration shows empty, so I don't know where that comes from or how I can clean it.

Also, if I'm seeing it OK, netstat doesn't report anything running on that port.

 

Tried to run the tool again and I managed to see that it auto-closes the window a little bit after showing the message "checking Firefox".


Edited by Balta, 06 April 2015 - 11:20 AM.


#8 satchfan


Posted 06 April 2015 - 03:50 PM


P2P - I see you have P2P software (uTorrent) installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Run Farbar Recovery Scan Tool

Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.


HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1214440339-842925246-854245398-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => 127.0.0.1:8088
BHO: No Name -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} ->  No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154986089372
FF Extension: No Name - D:\Program Files\Java\jre6\lib\deploy\jqs\ff [Not Found]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\Baltasar\Application Data\IObit
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\ProductData
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\IObit
2015-04-02 04:02 - 2015-04-05 22:18 - 01001853 _____ () D:\WINDOWS\setupapi.log
D:\Documents and Settings\Baltasar\Application Data\IObit
D:\Documents and Settings\All Users\Application Data\ProductData
D:\Documents and Settings\All Users\Application Data\IObit
D:\WINDOWS\setupapi.log
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {4c62d0a2-8c11-11df-a173-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {6d844269-d095-11e2-b5e4-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {8f01f29e-a968-11dc-8a09-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4fae-a254-11df-a179-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4faf-a254-11df-a179-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4fb0-a254-11df-a179-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bd043764-f53e-11e0-a1fa-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e3-1a30-11e4-a915-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e5-1a30-11e4-a915-001e101f22e5}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e6-1a30-11e4-a915-001e101f22e5}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {e8556028-b2f9-11e0-a1f0-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {e855602a-b2f9-11e0-a1f0-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {fd5663d5-772b-11e0-a1e1-005056c00008}]

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Please include the fixlist.txt and CKFiles.txt logs in your reply.

Satchfan

 




#9 Balta


Posted 06 April 2015 - 06:39 PM

I understand what you mean about the P2P. I rarely use it, except sometimes for finding cartoons for my kids and for nothing else. Anyway, I ran what you asked and here are the results.

 

 

On the 1st run of FRST it crashed with a debug message from some Microsoft tool but produced this log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Baltasar at 2015-04-07 00:27:01 Run:1
Running from D:\Documents and Settings\Baltasar\Desktop
Loaded Profiles: Baltasar (Available profiles: Baltasar & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1214440339-842925246-854245398-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => 127.0.0.1:8088
BHO: No Name -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} ->  No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154986089372
FF Extension: No Name - D:\Program Files\Java\jre6\lib\deploy\jqs\ff [Not Found]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\Baltasar\Application Data\IObit
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\ProductData
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\IObit
2015-04-02 04:02 - 2015-04-05 22:18 - 01001853 _____ () D:\WINDOWS\setupapi.log
D:\Documents and Settings\Baltasar\Application Data\IObit
D:\Documents and Settings\All Users\Application Data\ProductData
D:\Documents and Settings\All Users\Application Data\IObit
D:\WINDOWS\setupapi.log
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {4c62d0a2-8c11-11df-a173-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {6d844269-d095-11e2-b5e4-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {8f01f29e-a968-11dc-8a09-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4fae-a254-11df-a179-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4faf-a254-11df-a179-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4fb0-a254-11df-a179-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bd043764-f53e-11e0-a1fa-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e3-1a30-11e4-a915-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e5-1a30-11e4-a915-001e101f22e5}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e6-1a30-11e4-a915-001e101f22e5}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {e8556028-b2f9-11e0-a1f0-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {e855602a-b2f9-11e0-a1f0-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {fd5663d5-772b-11e0-a1e1-005056c00008}]
*****************

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1214440339-842925246-854245398-500\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}" => Key deleted successfully.
HKCR\CLSID\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}" => Key deleted successfully.
 

-----------------------------------------------------------------------

 

Then I ran it again to see if it gave the same error (hope there is no problem with this...) and it went to the end without any error or crash, producing this other log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Baltasar at 2015-04-07 00:28:42 Run:2
Running from D:\Documents and Settings\Baltasar\Desktop
Loaded Profiles: Baltasar (Available profiles: Baltasar & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1214440339-842925246-854245398-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => 127.0.0.1:8088
BHO: No Name -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} ->  No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154986089372
FF Extension: No Name - D:\Program Files\Java\jre6\lib\deploy\jqs\ff [Not Found]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\Baltasar\Application Data\IObit
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\ProductData
2015-04-03 22:10 - 2015-04-03 22:10 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\IObit
2015-04-02 04:02 - 2015-04-05 22:18 - 01001853 _____ () D:\WINDOWS\setupapi.log
D:\Documents and Settings\Baltasar\Application Data\IObit
D:\Documents and Settings\All Users\Application Data\ProductData
D:\Documents and Settings\All Users\Application Data\IObit
D:\WINDOWS\setupapi.log
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {4c62d0a2-8c11-11df-a173-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {6d844269-d095-11e2-b5e4-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {8f01f29e-a968-11dc-8a09-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4fae-a254-11df-a179-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4faf-a254-11df-a179-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {91bb4fb0-a254-11df-a179-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bd043764-f53e-11e0-a1fa-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e3-1a30-11e4-a915-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e5-1a30-11e4-a915-001e101f22e5}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {bdd0b3e6-1a30-11e4-a915-001e101f22e5}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {e8556028-b2f9-11e0-a1f0-001bfccb85bc}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {e855602a-b2f9-11e0-a1f0-00027200f5df}]
[-HKU\S-1-5-21-1214440339-842925246-854245398-1003\...\MountPoints2: {fd5663d5-772b-11e0-a1e1-005056c00008}]
*****************

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-1214440339-842925246-854245398-500\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} => Key not found.
HKCR\CLSID\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C} => Key not found.
"HKCR\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}" => Key deleted successfully.
D:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
D:\Documents and Settings\Baltasar\Application Data\IObit => Moved successfully.
D:\Documents and Settings\All Users\Application Data\ProductData => Moved successfully.
D:\Documents and Settings\All Users\Application Data\IObit => Moved successfully.
D:\WINDOWS\setupapi.log => Moved successfully.
"D:\Documents and Settings\Baltasar\Application Data\IObit" => File/Directory not found.
"D:\Documents and Settings\All Users\Application Data\ProductData" => File/Directory not found.
"D:\Documents and Settings\All Users\Application Data\IObit" => File/Directory not found.
"D:\WINDOWS\setupapi.log" => File/Directory not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c62d0a2-8c11-11df-a173-00027200f5df} => Key not found.
HKCR\CLSID\{4c62d0a2-8c11-11df-a173-00027200f5df} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d844269-d095-11e2-b5e4-00027200f5df} => Key not found.
HKCR\CLSID\{6d844269-d095-11e2-b5e4-00027200f5df} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f01f29e-a968-11dc-8a09-00027200f5df} => Key not found.
HKCR\CLSID\{8f01f29e-a968-11dc-8a09-00027200f5df} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91bb4fae-a254-11df-a179-001bfccb85bc} => Key not found.
HKCR\CLSID\{91bb4fae-a254-11df-a179-001bfccb85bc} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91bb4faf-a254-11df-a179-001bfccb85bc} => Key not found.
HKCR\CLSID\{91bb4faf-a254-11df-a179-001bfccb85bc} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91bb4fb0-a254-11df-a179-001bfccb85bc} => Key not found.
HKCR\CLSID\{91bb4fb0-a254-11df-a179-001bfccb85bc} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd043764-f53e-11e0-a1fa-00027200f5df} => Key not found.
HKCR\CLSID\{bd043764-f53e-11e0-a1fa-00027200f5df} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdd0b3e3-1a30-11e4-a915-00027200f5df} => Key not found.
HKCR\CLSID\{bdd0b3e3-1a30-11e4-a915-00027200f5df} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdd0b3e5-1a30-11e4-a915-001e101f22e5} => Key not found.
HKCR\CLSID\{bdd0b3e5-1a30-11e4-a915-001e101f22e5} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdd0b3e6-1a30-11e4-a915-001e101f22e5} => Key not found.
HKCR\CLSID\{bdd0b3e6-1a30-11e4-a915-001e101f22e5} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8556028-b2f9-11e0-a1f0-001bfccb85bc} => Key not found.
HKCR\CLSID\{e8556028-b2f9-11e0-a1f0-001bfccb85bc} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e855602a-b2f9-11e0-a1f0-00027200f5df} => Key not found.
HKCR\CLSID\{e855602a-b2f9-11e0-a1f0-00027200f5df} => Key not found.
HKU\[-S-1-5-21-1214440339-842925246-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd5663d5-772b-11e0-a1e1-005056c00008} => Key not found.
HKCR\CLSID\{fd5663d5-772b-11e0-a1e1-005056c00008} => Key not found.

==== End of Fixlog 00:28:44 ====

 

 

The last tool (CKScanner) gave just this log:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.NKNAKZ
 ----- EOF -----
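The two Fixlog.txt runs in the post above can be reconciled mechanically. This is an added example, not FRST's own code and not written by either poster; the `target => outcome.` line grammar is inferred from the logs in this thread, and the function names are hypothetical.

```python
import re

# Excerpts of the two Fixlog.txt runs posted above, shortened to a few entries.
RUN1 = r'''
Content of fixlist:
*****************
ProxyServer: [.DEFAULT] => 127.0.0.1:8088
D:\WINDOWS\setupapi.log
*****************

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
'''

RUN2 = r'''
Content of fixlist:
*****************
ProxyServer: [.DEFAULT] => 127.0.0.1:8088
D:\WINDOWS\setupapi.log
*****************

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
D:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found.
D:\WINDOWS\setupapi.log => Moved successfully.
"D:\WINDOWS\setupapi.log" => File/Directory not found.

==== End of Fixlog 00:28:44 ====
'''

SEPARATOR = re.compile(r"^\*{5,}$")
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
RANK = {"other": 0, "absent": 1, "changed": 2}


def classify(outcome):
    """Map an outcome phrase from the log to changed / absent / other."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"
    if text.endswith("successfully"):
        return "changed"
    return "other"


def parse_fixlog(text):
    """Return (results, complete) for one Fixlog.

    results is a list of (target, status) pairs; complete is True only when
    the 'End of Fixlog' footer is present, i.e. the run was not cut short.
    """
    results, separators, complete = [], 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line):
            separators += 1
            continue
        if line.startswith("==== End of Fixlog"):
            complete = True
            break
        # The fixlist is echoed between the two separator lines and can itself
        # contain "=>" (the ProxyServer entry), so results start after the second.
        if separators < 2:
            continue
        m = RESULT.match(line)
        if m:
            results.append((m.group("target").lower(), classify(m.group("outcome"))))
    return results, complete


def reconcile(logs):
    """Merge several runs: a target counts as changed if any run changed it."""
    merged = {}
    for text in logs:
        for target, status in parse_fixlog(text)[0]:
            if RANK[status] >= RANK[merged.get(target, "other")]:
                merged[target] = status
    return merged


if __name__ == "__main__":
    for name, log in (("run 1", RUN1), ("run 2", RUN2)):
        results, complete = parse_fixlog(log)
        print(name, "entries:", len(results), "footer present:", complete)
    for target, status in reconcile([RUN1, RUN2]).items():
        print(f"{status:8} {target}")
```

A "not found" in the second run therefore does not mean the item was never there: the merged view shows which targets an earlier, interrupted run had already removed.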
 

 



#10 satchfan


Posted 07 April 2015 - 02:27 AM

Thanks for the logs.

 

Can you tell me if there is any change?

 

Satchfan




#11 Balta


Posted 07 April 2015 - 03:37 AM

For now I did a couple of reboots just to test and navigated a lot on the web, and it looks stable without crashing.

I just have 2 things that I notice now. First, on my computer, on any disk drive, left clicking and then clicking on the "format" option doesn't do anything; not even the window with the format options pops up.

 

Second, Kaspersky keeps asking if I want to scan the drive G:, saying it's a removable one... weird, as this is a normal IDE hard drive, always connected.

 

 

Just wondering if I should do a scan with some of the tools to see if all we tried to get rid of is really gone and didn't come back?

 

Thanks.



#12 satchfan


Posted 07 April 2015 - 04:02 AM

Let’s run an online scan to be sure all is OK.


Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology


    Note: Do not check Remove found threats
     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.

 

Thanks

Satchfan

 




#13 Balta


Posted 07 April 2015 - 07:23 PM

Ok, after a long time scanning this is what was found:

 

D:\clean.cmd    BAT/HostsChanger.A potentially unsafe application
D:\Program Files\PSAS\PSAS.exe    a variant of Win32/Packed.Themida potentially unwanted application
D:\Program Files\vplug\Plugins\HackSat-SoftCam9b.exe    probably unknown NewHeur_PE virus
D:\Program Files\Tftpd32\tftpd32.exe    a variant of Win32/TFTPD32.A potentially unsafe application
D:\Documents and Settings\Baltasar\Desktop\clean.cmd    BAT/HostsChanger.A potentially unsafe application
D:\Documents and Settings\Baltasar\Desktop\MicroSD Backup\z4root_(1.3.0).apk    Android/DroidRooter.A potentially unsafe application
D:\Documents and Settings\Baltasar\Desktop\MicroSD Backup\TitaniumBackup\com.bfs.ninjump-303f174e25cd6ea3060b6ed54fdd943e.apk.gz    a variant of Android/SMSreg.EI potentially unsafe application
D:\Documents and Settings\Administrator\Desktop\computer-repair-utility-kit-v2.zip    Win32/PrcView potentially unsafe application
D:\WINDOWS\SYSTEM32\MACROMED\Shockwave 10\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Qoobox\Quarantine\D\WINDOWS\SYSTEM32\lakmrcsf.ini.vir    Win32/Adware.Virtumonde.NEO application
D:\Qoobox\Quarantine\D\WINDOWS\SYSTEM32\waycf.bak1.vir    Win32/Adware.Virtumonde.NEO application
D:\Qoobox\Quarantine\D\WINDOWS\SYSTEM32\waycf.ini.vir    Win32/Adware.Virtumonde.NEO application
D:\Qoobox\Quarantine\D\WINDOWS\SYSTEM32\waycf.ini2.vir    Win32/Adware.Virtumonde.NEO application
D:\Qoobox\Quarantine\D\WINDOWS\SYSTEM32\waycf.tmp.vir    Win32/Adware.Virtumonde.NEO application
D:\Qoobox\Quarantine\D\WINDOWS\SYSTEM32\wywsbqfk.ini.vir    Win32/Adware.Virtumonde.NEO application
D:\Qoobox\Quarantine\D\WINDOWS\SYSTEM32\xycgvdun.ini.vir    Win32/Adware.Virtumonde.NEO application
D:\SDFix\apps\Process.exe    Win32/PrcView potentially unsafe application



#14 satchfan


Posted 08 April 2015 - 04:16 AM

Please copy all text in the code box below and paste it into Notepad:
 


@echo off
del /f /s /q "D:\clean.cmd”
del /f /s /q “D:\Documents and Settings\Baltasar\Desktop\clean.cmd”
del /f /s /q "D:\Documents and Settings\Administrator\Desktop\computer-repair-utility-kit-v2.zip”
del /f /s /q "D:\WINDOWS\SYSTEM32\MACROMED\Shockwave 10\gt.exe”
del /f /s /q "D:\SDFix”
del %0

  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the "delfiles.bat" file will also be deleted.

The rest of the online scan results are false positives or only report what has already been quarantined: whatever is in these folders can't cause any harm and will be removed when we tidy up.

================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Satchfan

 




#15 Balta


Posted 08 April 2015 - 06:04 AM

OK, the batch file was not working OK; then I realised that the quote chars were not identical, so I fixed it by typing all of them again and it was OK after that. It deleted all the directories and files as it should.

 

The log from the Security Check tool gave this log:

 

notcheckup31.txt
`````````````````System Health check`````````````````
 Total Fragmentation on Drive D::  
````````````````````End of Log``````````````````````
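The quote mismatch described in the post above can be caught before a batch file is run, because cmd.exe only treats the ASCII double quote as a quoting character. The following is an added example, not part of the thread or of any tool named in it; the function names are hypothetical and the sample is four lines of the batch file from post #14 with the quote characters kept exactly as posted.

```python
# Typographic quotes that forum software and word processors substitute for " and '.
TYPOGRAPHIC = {"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"}

# Four lines of the batch file as posted in #14, quote characters unchanged.
POSTED = r'''@echo off
del /f /s /q "D:\clean.cmd”
del /f /s /q “D:\Documents and Settings\Baltasar\Desktop\clean.cmd”
del %0
'''


def lint_batch(text):
    """Return (line, column, kind) findings for quoting problems in a batch script."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in TYPOGRAPHIC:
                findings.append((lineno, col, "typographic-quote"))
        # An odd number of ASCII double quotes means a quoted path never closes.
        if line.count('"') % 2:
            findings.append((lineno, None, "unbalanced-quote"))
    return findings


def lint_batch_bytes(data):
    """Lint a saved .bat file's raw bytes.

    Notepad's ANSI save stores the curly quotes as single cp1252 bytes
    (0x93/0x94), which are not valid UTF-8, so fall back to cp1252.
    """
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        text = data.decode("cp1252", errors="replace")
    return lint_batch(text)


def normalize_quotes(text):
    """Replace typographic quotes with ASCII ones, as retyping them by hand does."""
    return text.translate(str.maketrans(TYPOGRAPHIC))


if __name__ == "__main__":
    for lineno, col, kind in lint_batch(POSTED):
        where = f"line {lineno}" + (f", col {col}" if col else "")
        print(f"{where}: {kind}")
    print("after normalising:", lint_batch(normalize_quotes(POSTED)))
```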





