
Can't update flash player or CryptoPrevent ...


  • This topic is locked
25 replies to this topic

#1 Tiger-Heli


Posted 26 October 2015 - 07:55 AM

I had a previous issue here http://www.bleepingcomputer.com/forums/t/586174/started-as-u-cash-now-bsod/page-5 which seemed to be fixed, but I have two more issues and was asked to start a new thread: 

 

I am still having two issues with the computer - I'm not sure if they are related or not.

Issues:

 - Flash Player will not update.  I downloaded the 17mb file from the network distribution site (http://www.adobe.com/es/products/flashplayer/distribution3.html) and it installed and I set it to update automatically, but today Firefox wouldn't allow Flash on a page b/c the flash player was out of date.  I went to "Get Flash - https://get.adobe.com/flashplayer/" and the 1.1 Mb file downloaded and I ran it and it downloaded the 17 mb file, but then it said "installation Failed".  I was having the same issue with it before the computer got infected (or before it showed it was infected.)

 - CryptoPrevent won't update its definitions.  I get an error "could not update" which is the same error I get when the computer is offline.  I had to disable Avast completely to connect to www.foolibleep.com (www.foolish-it.com without the dash) in Firefox, but I could connect when I did that, but I still couldn't update through CryptoPrevent.  I added CryptoPrevent to the windows firewall exceptions, I tried disabling Avast and disabling Malwarebytes anti-exploit, and tried booting to safe mode with networking and still got the same error.  CP support offered to remote in and try to fix it, but I'm not sure I am comfortable doing that yet.  More info: http://www.bleepingcomputer.com/forums/t/591190/question-on-scans-sandboxing-cryptoprotect-etc/page-5

I used to use BlackViper's guide to disable un-needed services, but I don't think that is the issue, but it could be ...

 

Thanks in advance!!!





#2 HelpBot


Posted 31 October 2015 - 08:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/594470 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Tiger-Heli


Posted 02 November 2015 - 07:04 AM

I still need help - will post FRST Log and more info Wednesday - thanks!!!


Edited by Tiger-Heli, 02 November 2015 - 03:33 PM.


#4 Tiger-Heli


Posted 04 November 2015 - 08:46 AM

Lots to cover - I ran FRST twice - the morning run showed PhenomMSRTweaker not working.  I fixed that but wanted you to have the most up-to-date info to review.  First run:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-10-2015
Ran by username (administrator) on computername (03-11-2015 06:00:10)
Running from G:\Data\Desktop
Loaded Profiles: username (Available Profiles: username)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) G:\program files\AVAST Software\Avast\AvastSvc.exe
(PS Soft Lab) G:\program files\PS Tray Factory\PSTrayFactory.exe
(Barefoot Productions, Inc.) G:\PROGRA~1\AUTOSH~1\AS_Service.exe
(Barefoot Productions, Inc.) G:\PROGRA~1\AUTOSH~1\AutoShutdown.exe
(Logitech, Inc.) G:\program files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Corporation) G:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe
(AVAST Software) G:\program files\AVAST Software\Avast\AvastUI.exe
(Cyber Power Systems, Inc.) G:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Malwarebytes Corporation) G:\program files\Malwarebytes Anti-Exploit\mbae.exe
(Dekisoft) G:\program files\MonitorOff\monoff.exe
(EasySync Solutions) G:\program files\EasySync Solutions\EasySync CryptoMonitor\CryptoMonitor.exe
(Logitech, Inc.) G:\program files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() G:\program files\PhenomMsrTweaker\PhenomMsrTweaker.exe
(Stoic Joker's Network) G:\program files\TClockEx\Win32\Clock.exe
(James Garton) G:\program files\Wallpaper Master\Wallpaper.exe
(EnTech Taiwan) C:\MultiRes\MultiRes.exe
(Cyber Power Systems, Inc.) G:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
(Brad Jackson) G:\program files\WKeyKill\WKeyKill.exe
(Jay Elaraj) G:\program files\taskbar_shuffle\taskbarshuffle.exe
(Microsoft Corporation) C:\WINDOWS\system32\locator.exe
(Almico Software (www.almico.com)) G:\program files\SpeedFan\speedfan.exe
(Rocket Division Software) G:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
(Ceiiular) G:\program files\Show Desktop\Show Desktop.exe
(NTWind Software) G:\program files\VistaSwitcher\vswitch.exe
() G:\program files\AeroSnap\AeroSnap.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(LifeSniffer) G:\program files\BBK\BBK.exe
(Mozilla) G:\PortableApps\SunbirdPortable\App\sunbird\sunbird.exe
(Foxit Software) G:\program files\Foxit Software\Foxit Reader\Foxit Reader.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TrayFactory] => G:\program files\PS Tray Factory\PSTrayFactory.exe [1304576 2010-05-25] (PS Soft Lab)
HKLM\...\Run: [AutoShutdown] => G:\program files\AutoShutdown\AutoShutdown.exe [631808 2003-10-06] (Barefoot Productions, Inc.)
HKLM\...\Run: [EvtMgr6] => G:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => G:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-25] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [PowerPanel Personal Edition User Interaction] => G:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [379280 2015-06-08] (Cyber Power Systems, Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => G:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM\...\RunOnce: [PSTF] => G:\program files\PS Tray Factory\PSTrayFactory.exe [1304576 2010-05-25] (PS Soft Lab)
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-05-27] (ATI Technologies Inc.)
HKU\S-1-5-19\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Run: [DAEMON Tools Lite] => G:\Program Files\DAEMON Tools\DTLite.exe -autorun
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Run: [Dekisoft Monitor Off Utility] => G:\program files\MonitorOff\monoff.exe [430592 2009-08-31] (Dekisoft)
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Run: [CryptoMonitorSU] => G:\Program Files\EasySync Solutions\EasySync CryptoMonitor\CryptoMonitor.exe [2028296 2015-06-30] (EasySync Solutions)
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoNetworkConnections] 0x01000000
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoStrCmpLogical] 0x01000000
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoDriveAutoRun] 0xFFFFFF03
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-823518204-746137067-682003330-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\Washingt.scr [12570681 2011-04-10] ()
HKU\S-1-5-18\...\Run: [20090604] => G:\Program Files\Broderbund\Mavis Beacon Platinum - 25th Anniversary Edition\RegApp\encore_reg.exe [102522 2009-06-12] (DataLode, Inc.)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x43010000
HKU\S-1-5-18\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoUserNameInStartMenu] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => G:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-25] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2015-07-09] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to startup.brs.lnk [2011-04-28]
ShortcutTarget: Shortcut to startup.brs.lnk -> G:\program files\Batchrun\startup.brs ()
BootExecute: autocheck autochk /k:F *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-823518204-746137067-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272050581828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - G:\program files\Belarc\Advisor\System\BAVoilaX.dll [2009-06-25] (Belarc, Inc.)
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - G:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll [1999-07-02] (Microsoft Corporation)
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - G:\program files\BEAT THE MARKET\OWC10.DLL [2002-06-06] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\mk8rr51w.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-30] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> G:\Program Files\DivX\DivX Web Player\npdivx32.dll [2008-10-06] (DivX,Inc.)
FF Plugin: @garmin.com/GpsControl -> G:\Program Files\Garmin GPS Plugin\npGarmin.dll [2012-05-30] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> g:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> G:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> G:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> G:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> G:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-22] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> G:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> G:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: G:\Program Files\mozilla firefox\plugins\mfc71.dll [2003-03-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: G:\Program Files\mozilla firefox\plugins\msvcr71.dll [2003-02-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: G:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-05-17] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: G:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2010-04-11] (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: G:\Program Files\mozilla firefox\plugins\npmfv.dll [2009-08-15] (IBM Corporation)
FF Extension: Java Console - G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-17] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-08] [not signed]
StartMenuInternet: FIREFOX.EXE - G:\program files\Firefox\App\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AutoShutdown; G:\program files\AutoShutdown\AS_Service.exe [143872 2003-10-06] (Barefoot Productions, Inc.) [File not signed]
R2 avast! Antivirus; G:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-25] (AVAST Software)
S3 CTUPnPSv; G:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S4 Diskeeper; G:\Program Files\Executive Software\DiskeeperLite\DKService.exe [176128 2002-10-16] (Executive Software International, Inc.) [File not signed]
S4 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-03-02] ()
S3 IDriverT; G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 LBTServ; G:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [295192 2011-09-27] (Logitech, Inc.)
R2 MbaeSvc; G:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; G:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 PhenomMsrTweaker; G:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe [19456 2009-03-19] () [File not signed]
R2 ppped; G:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [1071504 2015-06-08] (Cyber Power Systems, Inc.)
R2 StarWindService; G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-01] (Rocket Division Software) [File not signed]
S3 WMPNetworkSvc; G:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2009-01-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2010-04-23] (Meetinghouse Data Communications) [File not signed]
R0 ahcix86; C:\WINDOWS\System32\DRIVERS\ahcix86.sys [189968 2009-09-02] (Advanced Micro Devices, Inc)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [19200 2006-06-09] (SlySoft, Inc.) [File not signed]
S4 AODDriver; C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys [7168 2009-02-22] () [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-09-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-25] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [789296 2015-09-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434184 2015-09-25] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-09-25] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-09-25] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-25] (AVAST Software)
S4 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-03-06] () [File not signed]
R2 cpuz132; C:\WINDOWS\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25104 2015-05-07] (Disc Soft Ltd)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [27392 2005-05-03] (SlySoft, Inc.) [File not signed]
R2 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [8064 2006-04-21] (Elaborate Bytes AG) [File not signed]
R3 ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [4608 2005-04-12] (Elaborate Bytes AG) [File not signed]
R1 ESProtectionDriver; G:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-07-22] ()
S4 etdrv; C:\WINDOWS\etdrv.sys [17488 2009-09-11] (Windows ® 2000 DDK provider)
S4 gdrv; C:\WINDOWS\gdrv.sys [17488 2010-10-12] (Windows ® 2000 DDK provider)
S4 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 Pcatip; C:\WINDOWS\System32\DRIVERS\Pcatip.sys [25088 2002-12-11] (VSO Software) [File not signed]
R3 Pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [47360 2009-09-20] (VSO Software) [File not signed]
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed]
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [580096 2008-06-10] (Ralink Technology, Corp.) [File not signed]
R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [3734976 2009-06-24] (Realtek Semiconductor Corp.)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [329384 2015-05-07] (Duplex Secure Ltd.)
S4 vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [223128 2009-09-20] (Alcohol Soft Co., Ltd.)
R0 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [24320 2006-04-22] (Elaborate Bytes AG) [File not signed]
U4 WinRing0_1_2_0; G:\program files\PhenomMsrTweaker\WinRing0.sys [14416 2008-07-26] (OpenLibSys.org)
U3 a0ajcbi1; C:\WINDOWS\system32\Drivers\a0ajcbi1.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 UnlockerDriver5; G:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-03-03] () [File not signed]
U3 aegcd7os; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-18 10:28 - 2015-10-18 10:28 - 00000000 ____D C:\Documents and Settings\username\Application Data\gambatte
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\Documents and Settings\username\Desktop\&nxmuloklsjtmjklwkxexx
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\Documents and Settings\username\AAODFxcvaklsjtmjklwkxelssz
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\Documents and Settings\^xcvaklsjtmjklwkxelssz
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\%hualklsjtmjklwkxerswa
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\!mwrklsjtmjklwkxebrutp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-03 06:00 - 2015-08-11 09:26 - 00000000 ____D C:\FRST
2015-11-03 06:00 - 2011-09-05 09:25 - 00000000 ____D C:\Documents and Settings\username\Local Settings\temp
2015-11-03 05:58 - 2015-07-10 18:26 - 00000000 ____D G:\Program Files\CyberPower PowerPanel Personal Edition
2015-11-02 18:09 - 2009-10-09 10:49 - 00000000 ____D C:\Documents and Settings\username\Application Data\Mozilla
2015-11-01 18:16 - 2009-09-05 15:17 - 00602280 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-01 18:12 - 2011-04-26 18:02 - 00000000 ____D G:\Program Files\taskbar_shuffle
2015-11-01 18:12 - 2010-03-08 21:43 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-01 18:12 - 2010-03-08 21:43 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-11-01 18:12 - 2009-09-04 22:54 - 00000000 ____D G:\Program Files\SpeedFan
2015-11-01 18:11 - 2015-05-18 16:52 - 00000000 ____D G:\Program Files\MonitorOff
2015-11-01 18:11 - 2009-09-06 20:50 - 00000000 ____D G:\Program Files\AutoShutdown
2015-11-01 18:11 - 2003-06-20 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-01 18:10 - 2015-05-28 12:14 - 00033867 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-01 18:10 - 2012-06-02 17:17 - 00315930 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-11-01 18:10 - 2009-09-05 19:30 - 00000178 ___SH C:\Documents and Settings\username\ntuser.ini
2015-11-01 18:10 - 2009-09-05 19:30 - 00000000 ____D C:\Documents and Settings\username
2015-10-30 18:33 - 2015-10-02 18:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-30 18:33 - 2012-10-06 07:09 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-30 18:33 - 2012-01-27 23:33 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-25 10:55 - 2015-10-03 11:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2015-10-25 10:29 - 2009-09-05 19:56 - 00000000 ____D C:\Documents and Settings\username\Local Settings\Application Data\Adobe
2015-10-17 10:52 - 2012-12-01 14:44 - 03707230 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-746137067-682003330-1003-0.dat
2015-10-17 09:56 - 2003-06-20 07:00 - 00001452 _____ C:\WINDOWS\win.ini
2015-10-05 19:57 - 2009-09-05 19:21 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2015-10-04 11:40 - 2009-09-11 07:37 - 00000000 __SHD C:\WINDOWS\CSC

==================== Files in the root of some directories =======

2009-09-20 18:25 - 2010-05-30 16:45 - 0000083 ___SH () C:\Documents and Settings\username\Application Data\.zreglib
2009-09-26 10:36 - 2010-01-14 21:34 - 0000055 _____ () C:\Documents and Settings\username\Application Data\iRotate.INI
2013-01-26 22:12 - 2015-10-03 19:40 - 0000045 _____ () C:\Documents and Settings\username\Application Data\jdm.conf
2009-10-10 07:57 - 2009-11-25 20:48 - 0007680 _____ () C:\Documents and Settings\username\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-16 20:11 - 2009-09-16 20:11 - 0000136 _____ () C:\Documents and Settings\username\Local Settings\Application Data\fusioncache.dat

Files to move or delete:
====================
C:\Documents and Settings\username\en_res.dll
C:\Documents and Settings\username\es_res.dll
C:\Documents and Settings\username\fr_res.dll
C:\Documents and Settings\username\grm_res.dll
C:\Documents and Settings\username\it_res.dll
C:\Documents and Settings\username\jp_res.dll
C:\Documents and Settings\username\mfc80u.dll
C:\Documents and Settings\username\msvcr80.dll
C:\Documents and Settings\username\PCPE Setup.exe
C:\Documents and Settings\username\pt_res.dll
C:\Documents and Settings\username\ResourceReader.dll
C:\Documents and Settings\username\ru_res.dll
C:\Documents and Settings\username\zh_res.dll


Some files in TEMP:
====================
C:\Documents and Settings\username\Local Settings\temp\sfamcc00001.dll
C:\Documents and Settings\username\Local Settings\temp\sfareca00001.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-10-2015
Ran by username (2015-11-03 06:00:50)
Running from G:\Data\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-09-06 00:27:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-823518204-746137067-682003330-500 - Administrator - Enabled)
ASPNET (S-1-5-21-823518204-746137067-682003330-1005 - Limited - Enabled)
username (S-1-5-21-823518204-746137067-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\username
Guest (S-1-5-21-823518204-746137067-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-823518204-746137067-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-823518204-746137067-682003330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12noon Display Changer (HKLM\...\12noon Display Changer) (Version: 4.3.1.0 - 12noon)
1st Clock 3.0 RC1 (30-day trial) (HKLM\...\1st Clock_is1) (Version: 3.0 - Green Parrots Software)
3D Fish School 2 Screen Saver (HKLM\...\3D Fish School 2 Screen Saver_is1) (Version: 2.22 - Gelios Software)
7-Zip 4.43 beta (HKLM\...\7-Zip) (Version:  - )
Abound Screensaver 1.0 (HKLM\...\Abound Screensaver_is1) (Version:  - Heroic Virtue Creations)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AeroSnap 0.61 (HKLM\...\{1DCCB2B0-A482-464F-94F6-1219693E34F0}_is1) (Version:  - Christian Schoch)
Aftermath 2.0 (inc addon packs A-D) (HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Aftermath 2.0 (inc addon packs A-D)) (Version:  - )
AGEIA PhysX v7.07.09 (HKLM\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
Algebra 2 7.0 (HKLM\...\alg2) (Version: 7.0 - Homeworkhelp.com)
AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
Angel Writer 3.1 (HKLM\...\{7A4CFCAC-68DC-4A56-AFCB-DA236E8B363F}_is1) (Version: 3.1 - Angelic Software)
Any Video Converter 3.3.9 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AnyDVD (HKLM\...\AnyDVD) (Version:  - SlySoft)
AnyFolder shell extension (HKLM\...\FoldersDLL) (Version:  - )
A-PDF Restrictions Remover 1.6 (HKLM\...\A-PDF Restrictions Remover_is1) (Version:  - A-PDF Solution)
A-Ray Scanner 2.0.2.3 (HKLM\...\A-Ray Scanner) (Version: 2.0.2.3 - A-Ray Software)
AsfTools 3.1 (remove only) (HKLM\...\AsfTools 3.1) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{0928B2C5-0B16-C2FB-7BAE-A25901414687}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
ATI Parental Control & Encoder (Version: 3.0 - ATI Technologies Inc.) Hidden
Audacity 1.3.7 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd)
AutoHotkey 1.0.37.01 (HKLM\...\AutoHotkey) (Version: 1.0.37.01 - Chris Mallett)
AutoShutdown Pro v4.3 (HKLM\...\AutoShutdown Pro v4.3) (Version:  - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.4.2233 - AVAST Software)
Batchrun 4.1 (HKLM\...\Batchrun 4.1) (Version: 4.0 - Outer Technologies)
Battlefield 1861 (HKLM\...\Battlefield 1861) (Version:  - )
Battlefield 1942 (HKLM\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 2™ (HKLM\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Battlefield Vietnam™ (HKLM\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version:  - )
Battlefield Vietnam: WW2 Mod (HKLM\...\{F989306B-9287-444F-AE73-E30C7E4AF0F5}) (Version:  - )
Battlegroup42 Vietnam 0.1 Pacific (HKLM\...\Battlegroup42 Vietnam 0.1 Pacific) (Version:  - )
BEAT THE MARKET (HKLM\...\{D5AA8A1B-E8EB-4B3B-8D48-4A5DE7CA0A0A}) (Version: 5.6.2 - Gold Simulations)
Before You Know It 3.6 (HKLM\...\{9CF6C5C0-B884-4ABB-8904-ADA76EC8DDB3}) (Version: 3.6 - Transparent Language, Inc.)
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version:  - )
Beyond Compare Version 2.2.7 (HKLM\...\BC2_is1) (Version:  - Scooter Software)
Bf1918 3.0  (HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Bf1918 3.0 ) (Version:  - )
BlindBossKey 1.1.3 Lite (HKLM\...\{07F477F3-BBB5-4222-ACDD-05F58700546E}_is1) (Version:  - LifeSniffer)
BlindWrite suite (HKLM\...\BlindWrite Suite_is1) (Version: 4.2.7 - VSO Software)
BlindWrite5 (HKLM\...\BlindWrite 5_is1) (Version: 5.2.24.163 - VSO Software)
Burnout™ Paradise The Ultimate Box (HKLM\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
Call of Duty - United Offensive (HKLM\...\InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}) (Version: 1.00.0000 - Activision)
Call of Duty - United Offensive (Version: 1.00.0000 - Activision) Hidden
Call of Duty (HKLM\...\Call of Duty) (Version:  - )
Call of Duty® 2 (HKLM\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision)
Call of Duty® 2 (Version: 1.2 - Activision) Hidden
Call of Duty® 2 Patch 1.3 (Version: 1.3 - ) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ (Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version: 1.7 - Activision) Hidden
ccc-core-preinstall (Version: 2009.0603.1160.19656 - ATI) Hidden
ccc-core-static (Version: 2009.0603.1160.19656 - ATI) Hidden
ccc-core-static (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - )
CDCheck (HKLM\...\CDCheck) (Version:  - )
Chemistry 3.5 (HKLM\...\chem) (Version: 3.5 - Homeworkhelp.com)
CloneCD (HKLM\...\CloneCD) (Version:  - SlySoft)
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
College Exam Prep 2004 (HKLM\...\{03B2B595-1ACB-4162-B35E-19D42D32CF75}) (Version: 3.01.0000 - Examprep.us)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
ConBuilder (HKLM\...\ConBuilder) (Version: 2.7.2.0 - WEIruan)
Copy-Discovery 2000 2.06 (HKLM\...\{39165CF8-0ACA-451F-B1F6-6FB60EB09B00}_is1) (Version:  - Koda)
CPUID CPU-Z 1.52.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Centrale (HKLM\...\Creative Centrale) (Version:  - Creative Technology Ltd.)
Creative Centrale (Version: 1.02.04 - Creative Technology Ltd.) Hidden
Creative Removable Disk Manager (HKLM\...\Creative Removable Disk Manager) (Version:  - )
Creative Software Update (Version: 1.00.14 - Creative Technology Ltd.) Hidden
Creative ZEN Mozaic User's Guide (HKLM\...\ZENMozaicUG) (Version:  - Creative Technology Ltd.)
CryEngine®2 Sandbox™2 (HKLM\...\{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}) (Version: 1.00.0000 - Electronic Arts)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Crysis® SP Demo (HKLM\...\{92AF2F5A-4407-4A03-A80A-5A2582264746}) (Version: 1.00.0000 - Electronic Arts)
CyberPower PowerPanel Personal Edition 1.5.2 (HKLM\...\{5FFA96BB-1C09-4E93-882A-99980DEC650B}) (Version: 1.5.2 - Cyber Power Systems, Inc.)
DaemonScript (HKLM\...\{0A21D2E9-F8A2-4CF9-88D7-E04A1C4C90AE}) (Version: 1.6.2 - Andareed)
DC Realism 1.0 (HKLM\...\DC Realism 1.0) (Version:  - )
DCFX (HKLM\...\DCFX) (Version: 1.a - )
DCXtended .9 (HKLM\...\DCXtended .9) (Version:  - )
Delta Force Black Hawk Down Demo (HKLM\...\Delta Force Black Hawk Down Demo) (Version:  - )
DH Driver Cleaner Professional Edition (HKLM\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
Diskeeper Lite (HKLM\...\{A3F60446-48FB-48A8-B5FC-BB3430AEF806}) (Version: 7.0.418 - Executive Software International, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.30 - Runtime Software)
Dup Detector (HKLM\...\DupDetector) (Version:  - )
DVD Identifier (HKLM\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
Easy Tune 6 B09.0515.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B09.0515.1 (Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.0610.1  (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
EasySync CryptoMonitor (HKLM\...\EasySync CryptoMonitor 2.0.503.0) (Version: 2.0.503.0 - EasySync Solutions)
EasySync CryptoMonitor (Version: 2.0.503.0 - EasySync Solutions) Hidden
Elevated Installer (Version: 2.4.6.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
ERUNT 1.1h (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eve of Destruction 0.15 (HKLM\...\EoD_0.15) (Version:  - )
Eve of Destruction 2.0 Levels (HKLM\...\Eve of Destruction Levels_is1) (Version: 2.0 - Eve of Destruction)
Eve of Destruction v2.0 (HKLM\...\Eve of Destruction_is1) (Version: 2.0n - Eve of Destruction)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Exact Audio Copy 0.95b4 (HKLM\...\Exact Audio Copy) (Version: 0.95b4 - Andre Wiethoff)
Extra POI Editor (HKLM\...\Extra_POI_Editor) (Version:  - )
Filzip 2.01 (HKLM\...\Filzip 2.0.1.6_is1) (Version: 2.01.6 - Philipp Engel)
foobar2000 v0.9.4.3 (HKLM\...\foobar2000) (Version: 0.9.4.3 - Peter Pawlowski)
Forgotten Honor (HKLM\...\Forgotten Honor_is1) (Version:  - )
Forgotten Hope 0.70 (HKLM\...\Forgotten Hope) (Version: 0.70 - Forgotten Hope Mod Team)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.1.2.1013 - Foxit Software Company)
Foxreal YouTube FLV Downloader version: 1.0.1.1 (HKLM\...\{1EE1BE7E-1F9A-4150-B95D-74415BCCF4D8}_is1) (Version:  - )
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Freemake Video Converter version 3.0.0 (HKLM\...\Freemake Video Converter_is1) (Version: 3.0.0 - Ellora Assets Corporation)
Galactic Conquest Release 5.3 (HKLM\...\Galactic Conquest Mod) (Version: Release 5.3 - Galactic Conquest Mod Team)
Garmin BaseCamp (HKLM\...\{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}) (Version: 3.3.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{29382fb9-c7e9-45a6-a223-db732d64f6a6}) (Version: 2.4.6.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (Version: 2.4.6.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (HKLM\...\{5CA74EDC-CFC3-4FA0-AED7-1415CA19F250}) (Version: 2.7.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Geometry 7.0 (HKLM\...\6th) (Version: 7.0 - Homeworkhelp.com)
Google SketchUp 8 (HKLM\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)
Google Update Helper (Version: 1.3.21.123 - Google Inc.) Hidden
GTK+ 2.8.18-1 runtime environment (HKLM\...\WinGTK-2_is1) (Version:  - Tor Lillqvist)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Human 3D LR1n (HKLM\...\{F03538CD-A245-4772-B9F3-655E6DCB34B1}) (Version: 1.00.0000 - ContMedia)
IconArt (HKLM\...\IconArt) (Version: 2.0.1 - ConWare)
ID3 renamer 2.15.15 (HKLM\...\id3renamer.cincura.net_is1) (Version: 2.15.15 - Jiri Cincura)
ID3-TagIT 3 (HKLM\...\ID3-TagIT 3_is1) (Version: 3 - Michael Pluemper)
ImageMagick 6.7.7-6 Q16 (2012-06-01) (HKLM\...\ImageMagick 6.7.7 Q16_is1) (Version: 6.7.7 - ImageMagick Studio LLC)
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
JaVaWa Device Manager 2.3 (HKLM\...\{4D700EE8-5A7D-43C1-B4E2-BC8A22B482DD}_is1) (Version: 2.3 - JaVaWa GPS-tools)
Jays Snipping Tool (HKU\S-1-5-21-823518204-746137067-682003330-1003\...\e891758400ca417b) (Version: 1.0.0.12 - Missoula Software)
Karen's Directory Printer (HKLM\...\Karen's Directory Printer) (Version: 5.2.0.6 - Karen Kenworthy)
K-Lite Mega Codec Pack 5.1.6 (HKLM\...\KLiteCodecPack_is1) (Version: 5.1.6 - )
LibreOffice 4.4 Help Pack (English (United States)) (HKLM\...\{B50EA0C4-243C-47ED-B48C-C9B461A4018D}) (Version: 4.4.1.2 - The Document Foundation)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Magic 2000 ScreenSaver (HKLM\...\Magic2000) (Version:  - )
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mavis Beacon Platinum - 25th Anniv. Ed. (HKLM\...\{7DCD379D-8420-4A20-9E08-45FA9EFA7EBA}) (Version: 21.00.0000 - Broderbund)
MaXimus DVD Version 1.2 (HKLM\...\ST6UNST #1) (Version:  - )
Maxwell for SketchUp 8 (Standalone) (HKLM\...\{756EBD0B-E4EB-468B-9C7F-42C1FB91AEF6}) (Version: 2.7.22 - Next Limit Technologies)
Medal of Honor Airborne (HKLM\...\{25F28E39-FDBB-11DB-8314-0800200C9A66}) (Version: 1.0.1.0 - Electronic Arts)
Medal of Honor Allied Assault (HKLM\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
Medal of Honor Allied Assault™ Breakthrough (HKLM\...\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}) (Version:  - )
Medal of Honor Allied Assault™ Breakthrough Patch v2.40 (HKLM\...\{DF9046D6-5F1F-40B6-9782-3DC2D902D391}) (Version:  - )
Medal of Honor Allied Assault™ Spearhead (HKLM\...\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}) (Version:  - )
Medal of Honor Allied Assault™ Spearhead (HKLM\...\{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}) (Version:  - )
Medal of Honor Allied Assault™ Spearhead Patch 2.15 (HKLM\...\{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}) (Version:  - )
Medal of Honor Pacific Assault™ (HKLM\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.0 - Electronic Arts)
Medal of Honor Pacific Assault™ Patch2 (HKLM\...\{824539D7-D27E-4CC3-B36F-6404B5EB726B}) (Version: 1.0 - Electronic Arts)
MediaMonkey 3.0 (HKLM\...\MediaMonkey_is1) (Version: 3.0 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Encarta Encyclopedia 2000 (HKLM\...\Encarta Encyclopedia 2000 A) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Train Simulator (HKLM\...\Train Simulator 1.0) (Version:  - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Word 2000 SR-1 (HKLM\...\{00170409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Mp3 Tag Tools v1.2 (HKLM\...\mtt12) (Version:  - )
Mp3tag v2.48 (HKLM\...\Mp3tag) (Version: v2.48 - Florian Heidenreich)
MSTS Patch 1.8.0521 EN (HKLM\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.8.052113 - George)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero Media Player (HKLM\...\NMPUninstallKey) (Version:  - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Norton PartitionMagic (Version: 8.05.000 - Symantec) Hidden
Norton PartitionMagic 8.0 (HKLM\...\InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}) (Version: 8.05.000 - Symantec)
Norwegian Resistance Hotfix 0.86 (HKLM\...\Norwegian Resistance Hotfix 0.86) (Version:  - )
Norwegian Resistance v0.85 (HKLM\...\Norwegian Resistance v0.85) (Version:  - )
Norwegian Resistance v0.86b Hotfixhotfix (HKLM\...\Norwegian Resistance v0.86b Hotfixhotfix) (Version:  - )
Nvu 1.0 (HKLM\...\Nvu_is1) (Version: 1.0 - Linspire Inc.)
OneTouch Version 3.0 (HKLM\...\OneTouch Version 3.0) (Version: Version 3.0 - Visioneer Inc.)
Opera 10.10 (HKLM\...\{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}) (Version: 10.10 - Opera Software ASA)
Paint Shop Pro 7 Try And Buy (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}) (Version: 3.36.0 - dotPDN LLC)
PanaVue ImageAssembler (HKLM\...\PanaVue ImageAssembler) (Version:  - )
PANZERS DEMO #2 (HKLM\...\PANZERS DEMO #2) (Version:  - )
PaperPort 7.02 (HKLM\...\PaperPort 7.02) (Version:  - )
PDF Password Remover v2.1 (HKLM\...\PDF Password Remover v2.1_is1) (Version:  - verypdf.com Inc)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.5 - Frank Heindörfer, Philip Chinery)
pdfsam (HKLM\...\pdfsam) (Version: 1.0.1 - )
PE Builder 3.1.10a (HKLM\...\PE Builder_is1) (Version:  - Bart Lagerweij)
PhenomMsrTweaker (HKLM\...\{7FB8C701-194B-4214-A527-7B1DBB6442FA}) (Version: 1.2.2 - Martin Kinkelin)
Physics I 3.5 (HKLM\...\phy1) (Version: 3.5 - Homeworkhelp.com)
Planetarium (HKLM\...\Planetarium) (Version:  - )
PoE v1.0.0.0 (HKLM\...\PoE) (Version: 1.0.0.0 - Point of Existence)
PriceSparrow (HKLM\...\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}) (Version: 1.4.42 - Adspired GmbH) <==== ATTENTION
PS Tray Factory 3.2 (HKLM\...\PS Tray Factory_is1) (Version:  - PS Soft Lab)
PS/2 Rate Adjuster PLUS (HKLM\...\PS/2 Rate Adjuster PLUS_is1) (Version:  - )
PunkBuster for Battlefield Vietnam (HKLM\...\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}) (Version:  - )
QuickTime 3.0 (HKLM\...\QuickTime 3.0) (Version:  - )
RAR Password Recovery Magic v6.1.1.232 (HKLM\...\RAR Password Recovery Magic_is1) (Version:  - Password Recovery Magic Studio Ltd.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5919 - Realtek Semiconductor Corp.)
RegSupreme 1.3 (HKLM\...\RegSupreme_is1) (Version:  - )
RegWorks 1.3.4 (HKLM\...\RegWorks_is1) (Version:  - RegWorks Software, Inc.)
SereneScreen Marine Aquarium 2.6 (HKLM\...\SereneScreen Marine Aquarium 2.6_is1) (Version: 2.6 - Prolific Publishing, Inc.)
Signature995 (HKLM\...\Signature995) (Version:  - )
SiSoftware Sandra Lite 2009.SP4 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1) (Version: 15.124.2009.9 - SiSoftware)
Skins (Version: 2009.0603.1160.19656 - ATI) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Star Trek Armada II DEMO (HKLM\...\Star Trek Armada II DEMO) (Version:  - )
Star Trek Bridge Commander (HKLM\...\Bridge Commander) (Version:  - )
Star Trek Legacy (HKLM\...\{287A4E96-AC57-4A19-9B51-C5EED2EAB382}) (Version: 1.00.0000 - Bethesda Softworks)
Star Trek Legacy Patch v1.1 (HKLM\...\{CF937220-C6A5-438F-AB5C-8C7CD5F6DEA3}) (Version: 1.10.0000 - Bethesda Softworks)
Star Trek Legacy Patch v1.2 (HKLM\...\{A0595C97-DB17-429D-AB24-8594019B9A6C}) (Version: 1.20.0000 - Bethesda Softworks)
Star Trek Voyager Elite Force Demo (HKLM\...\{05AE3000-4385-11D4-87A3-00A0C98CB762}) (Version:  - )
Star Trek: Armada Demo (HKLM\...\Activision_StarTrekArmadaDemoUninstallKey) (Version:  - )
Star Wars Battlefront (HKLM\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - LucasArts)
Stargate Single Player (HKLM\...\Stargate Single Player) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Train Store V3.2 (HKLM\...\Train Store V3.2) (Version:  - )
Trigonometry 7.0 (HKLM\...\TRIG) (Version: 7.0 - Homeworkhelp.com)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
uberOptions 4.60.4 (HKLM\...\uberOptions) (Version: 4.60.4 - Richard L. Owens)
Unlocker 1.8.1 (HKLM\...\Unlocker) (Version: 1.8.1 - Cedrick Collomb)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
US Government 1.5 (HKLM\...\usg) (Version: 1.5 - Homeworkhelp.com)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
ViGlance (HKLM\...\ViGlance) (Version: 1.0.0.1306 - Lee-Soft.com)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VistaSwitcher (HKLM\...\VistaSwitcher) (Version: 1.1.5 - NTWind Software)
Visual Install Pack (HKLM\...\{F7988B35-38CE-4432-ABF3-4FCAB533AE0C}) (Version: 81.21 - Phoenixx1771)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VP-Man (HKLM\...\VPMan_is1) (Version:  - c00l cODINGs)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.9.0.0 - Azureus Software, Inc.)
W311U (HKLM\...\{36BD5CFB-D7E8-4A33-B037-A5238616E74D}) (Version: 1.00.0000 - Tenda)
Washington, DC #1 (HKLM\...\Washington, DC #1) (Version:  - )
Washington, DC #2 (HKLM\...\Washington, DC #2) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-823518204-746137067-682003330-1003\...\WinDirStat) (Version:  - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden
Writing Master 1.5 (HKLM\...\writing) (Version: 1.5 - Homeworkhelp.com)
XAce Plus v2.6 (HKLM\...\XAce Plus v2.6) (Version:  - )
XBCD 1.07 (HKLM\...\XBCD) (Version: 1.07 - Redcl0ud)
XnView 1.92 (HKLM\...\XnView_is1) (Version: 1.92 - Gougelet Pierre-e)
XP16 (HKLM\...\{DFE146DD-8526-4BC7-A9E7-B8E8A220C776}) (Version: 1.00.0000 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

10-07-2015 17:31:59 Removed PowerChute Personal Edition 3.0.2
10-07-2015 18:26:42 Installed CyberPower PowerPanel Personal Edition 1.5.2
11-07-2015 18:48:59 System Checkpoint
12-07-2015 19:23:29 System Checkpoint
14-07-2015 18:18:41 System Checkpoint
15-07-2015 18:25:31 System Checkpoint
17-07-2015 16:13:00 System Checkpoint
18-07-2015 20:59:45 System Checkpoint
20-07-2015 18:05:13 System Checkpoint
21-07-2015 18:59:20 System Checkpoint
22-07-2015 19:23:25 System Checkpoint
23-07-2015 19:43:19 System Checkpoint
25-07-2015 17:58:50 System Checkpoint
26-07-2015 18:34:53 System Checkpoint
27-07-2015 19:30:34 System Checkpoint
28-07-2015 20:02:57 System Checkpoint
29-07-2015 20:10:41 System Checkpoint
31-07-2015 13:28:19 System Checkpoint
01-08-2015 17:40:34 System Checkpoint
02-08-2015 18:38:46 System Checkpoint
03-08-2015 18:42:15 System Checkpoint
05-08-2015 18:29:21 System Checkpoint
06-08-2015 18:38:55 System Checkpoint
11-08-2015 09:24:42 Restore Operation
11-08-2015 10:40:05 Restore Operation
11-08-2015 11:01:07 Restore Operation
11-08-2015 11:13:09 Restore Operation
24-09-2015 18:58:42 Removed PhenomMsrTweaker
24-09-2015 18:59:03 Removed PhenomMsrTweaker
24-09-2015 19:00:12 Installed PhenomMsrTweaker
24-09-2015 19:06:48 Removed PhenomMsrTweaker
24-09-2015 19:08:06 Installed PhenomMsrTweaker
25-09-2015 10:38:13 pre-emsisoft
25-09-2015 10:57:57 avast! antivirus system restore point
25-09-2015 11:00:13 Installed Windows XP Wdf01009.
25-09-2015 11:07:14 avast! antivirus system restore point
03-10-2015 11:23:31 Removed Java 8 Update 45
03-10-2015 11:48:23 Installed EasySync CryptoMonitor
20-10-2015 19:08:34 Monopoly v2.00.101 Crack - By Maggot Brain Installation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-06-20 07:00 - 2011-09-21 17:40 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => G:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-09 17:56 - 2015-09-25 10:58 - 00103376 _____ () G:\Program Files\AVAST Software\Avast\log.dll
2015-07-09 17:56 - 2015-09-25 10:58 - 00123976 _____ () G:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-01 12:01 - 2015-11-01 12:01 - 03014096 _____ () G:\Program Files\AVAST Software\Avast\defs\15110100\algo.dll
2011-03-26 18:32 - 2010-04-26 01:18 - 00053248 _____ () G:\program files\PS Tray Factory\HKDll.dll
2010-05-31 12:05 - 1999-04-22 19:22 - 00003584 _____ () G:\program files\WKeyKill\WKeyKill.dll
2011-04-26 18:02 - 2008-04-13 14:32 - 00165376 _____ () G:\program files\taskbar_shuffle\tbhookin.dll
2009-09-06 20:51 - 2003-10-06 09:31 - 00069632 _____ () G:\program files\AutoShutdown\ASIdle.dll
2011-10-07 04:41 - 2011-10-07 04:41 - 00879896 _____ () G:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2015-03-14 20:35 - 2015-09-25 10:58 - 40539648 _____ () G:\Program Files\AVAST Software\Avast\libcef.dll
2009-03-19 02:15 - 2009-03-19 02:15 - 00113664 _____ () G:\program files\PhenomMsrTweaker\PhenomMsrTweaker.exe
2015-10-03 13:26 - 2015-11-01 18:12 - 00172032 _____ () C:\Documents and Settings\username\Local Settings\temp\sfareca00001.dll
2015-10-03 13:26 - 2015-11-01 18:12 - 00192512 _____ () C:\Documents and Settings\username\Local Settings\temp\sfamcc00001.dll
2013-05-17 20:21 - 2008-12-06 18:32 - 00886784 _____ () G:\program files\AeroSnap\AeroSnap.exe
2013-05-17 20:21 - 2008-12-06 18:31 - 00046080 _____ () G:\program files\AeroSnap\AeroSnap.Application.dll
2015-09-24 18:49 - 2010-02-05 11:29 - 00065536 _____ () G:\PortableApps\SunbirdPortable\Data\profile\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
2009-09-07 09:40 - 2010-03-15 11:28 - 00141824 _____ () G:\Program Files\WinRAR\rarext.dll
2006-09-15 01:07 - 2006-09-15 01:07 - 00143872 _____ () G:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-823518204-746137067-682003330-1003\Control Panel\Desktop\\Wallpaper -> G:\program files\Wallpaper Master\wallImageusername.bmp
DNS Servers: Media is not connected to internet.
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Application\torch.exe] => Enabled:Torch
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe] => Enabled:hola_plugin.exe
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe] => Enabled:hola_plugin_x64.exe
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\Battlefield 1942\BF1942.exe] => Disabled:BF1942
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\Battlefield Vietnam\bfvietnam.exe] => Disabled:bfvietnam
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\Battlefield 2\bf2_w32ded.exe] => Disabled:bf2_w32ded
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\MOHAA\MOHAA.exe] => Disabled:Medal of Honor Allied Assault
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\MOHAA\moh_spearhead.exe] => Disabled:Medal of Honor Allied Assault™ Spearhead
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\MOHAA\moh_Breakthrough.exe] => Disabled:Medal of Honor Allied Assault™ Breakthrough
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe] => Disabled:Medal of Honor Pacific Assault™
StandardProfile\AuthorizedApplications: [G:\program files\Firefox\App\Firefox\firefox.exe] => Enabled:Firefox
StandardProfile\AuthorizedApplications: [G:\program files\Mozilla Sunbird\sunbird.exe] => Disabled:Sunbird
StandardProfile\AuthorizedApplications: [G:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe] => Disabled:SiSoftware Deployment Agent Service
StandardProfile\AuthorizedApplications: [G:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe] => Disabled:SiSoftware Sandra Agent Service
StandardProfile\AuthorizedApplications: [G:\program files\windows media player\wmplayer.exe] => Disabled:Windows Media Player
StandardProfile\AuthorizedApplications: [G:\program files\Foolish IT\CryptoPrevent\CryptoPrevent.exe] => Enabled:CryptoPrevent.exe
StandardProfile\AuthorizedApplications: [G:\Program Files\AVG\AVG10\avgmfapx.exe] => Disabled:AVG Installer
StandardProfile\AuthorizedApplications: [G:\program files\Vuze\Azureus.exe] => Disabled:Azureus / Vuze
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\Battlefield 2\BF2.exe] => Disabled:Battlefield 2
StandardProfile\AuthorizedApplications: [G:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe] => Disabled:Burnout™ Paradise The Ultimate Box
StandardProfile\AuthorizedApplications: [G:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe] => Disabled:Burnout™ Paradise The Ultimate Box
StandardProfile\AuthorizedApplications: [G:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe] => Disabled:Burnout™ Paradise The Ultimate Box
StandardProfile\AuthorizedApplications: [G:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe] => Disabled:Call of Duty® 4 - Modern Warfare™
StandardProfile\AuthorizedApplications: [G:\program files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe] => Disabled:Crysis_32_sp_demo
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe] => Disabled:hola_plugin.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe] => Disabled:hola_plugin_x64.exe
StandardProfile\AuthorizedApplications: [G:\program files\JDownloader_PortableApps\CommonFiles\Java\bin\javaw.exe] => Disabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [G:\program files\Java\jre6\bin\javaw.exe] => Disabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [G:\PortableApps\LibreOfficePortable\App\libreoffice\program\soffice.bin] => Disabled:LibreOffice
StandardProfile\AuthorizedApplications: [G:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe] => Disabled:Medal of Honor Airborne
StandardProfile\AuthorizedApplications: [G:\program files\operator\Opera\opera.exe] => Disabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [G:\program files\Opera\opera.exe] => Disabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Application\torch.exe] => Disabled:Torch

==================== Faulty Device Manager Devices =============

Name: VAXSCSI Controller
Description: VAXSCSI Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: vaxscsi
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: AL29FC3X IDE Controller
Description: AL29FC3X IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: aegcd7os
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2015 08:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cpuz.exe, version 1.5.2.2, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [cpuz.exe!ws!]

Error: (09/24/2015 07:11:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cpuz.exe, version 1.5.2.2, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [cpuz.exe!ws!]

Error: (09/24/2015 06:59:02 PM) (Source: MsiInstaller) (EventID: 11721) (User: US-426F0D755718)
Description: Product: PhenomMsrTweaker -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _F5CB094F_BC85_47E0_A404_860FF0D9B470, location: G:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe, command: -u (NULL)(NULL)(NULL)(NULL)

Error: (09/24/2015 06:58:42 PM) (Source: MsiInstaller) (EventID: 11721) (User: US-426F0D755718)
Description: Product: PhenomMsrTweaker -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _F5CB094F_BC85_47E0_A404_860FF0D9B470, location: G:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe, command: -u (NULL)(NULL)(NULL)(NULL)

Error: (09/16/2015 05:47:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 15.9.2015.0, faulting module version.dll, version 5.1.2600.5512, fault address 0x00001ddc.
Processing media-specific event for [frst.exe!ws!]

Error: (08/07/2015 08:05:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Show Desktop.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Microsoft.VisualBasic.ApplicationServices.CantStartSingleInstanceException
Stack:
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])
   at show_desktop.My.MyApplication.Main(System.String[])

Error: (07/13/2015 06:18:33 PM) (Source: .NET Runtime) (EventID: 1027) (User: )
Description: Application: Show Desktop.exe
Framework Version: v4.0.30319
Description: The process was terminated due to stack overflow.

Error: (07/10/2015 05:27:50 PM) (Source: APC UPS Service) (EventID: 28688) (User: NT AUTHORITY)
Description:


System errors:
=============
Error: (10/30/2015 06:34:34 PM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/17/2015 05:54:52 PM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/17/2015 10:54:43 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/17/2015 10:53:58 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/17/2015 10:53:34 AM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (10/14/2015 05:49:20 PM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/03/2015 11:26:19 AM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/03/2015 11:22:04 AM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/25/2015 11:03:55 AM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/24/2015 07:06:02 PM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 240 Processor
Percentage of memory in use: 38%
Total physical RAM: 1790.42 MB
Available physical RAM: 1102 MB
Total Virtual: 3684.11 MB
Available Virtual: 3134.54 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:29.29 GB) (Free:9.2 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (CRUZER) (Removable) (Total:0.95 GB) (Free:0.12 GB) FAT32
Drive g: (Programs) (Fixed) (Total:436.46 GB) (Free:12.17 GB) NTFS
Drive i: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 95CB95CB)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=436.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 977.5 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=977 MB) - (Type=0B)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: 69FC7055)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0C)

==================== End of Addition.txt ============================



#5 Tiger-Heli


Posted 04 November 2015 - 08:49 AM

Later run:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-10-2015
Ran by username (administrator) on computername (03-11-2015 17:52:27)
Running from G:\Data\Desktop
Loaded Profiles: username (Available Profiles: username)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) G:\program files\AVAST Software\Avast\AvastSvc.exe
(PS Soft Lab) G:\program files\PS Tray Factory\PSTrayFactory.exe
(Barefoot Productions, Inc.) G:\PROGRA~1\AUTOSH~1\AS_Service.exe
(Malwarebytes Corporation) G:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Barefoot Productions, Inc.) G:\PROGRA~1\AUTOSH~1\AutoShutdown.exe
(Logitech, Inc.) G:\program files\Logitech\SetPointP\SetPoint.exe
(AVAST Software) G:\program files\AVAST Software\Avast\AvastUI.exe
(Cyber Power Systems, Inc.) G:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Malwarebytes Corporation) G:\program files\Malwarebytes Anti-Exploit\mbae.exe
(Dekisoft) G:\program files\MonitorOff\monoff.exe
(EasySync Solutions) G:\program files\EasySync Solutions\EasySync CryptoMonitor\CryptoMonitor.exe
(Logitech, Inc.) G:\program files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Cyber Power Systems, Inc.) G:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
(Microsoft Corporation) C:\WINDOWS\system32\locator.exe
(Stoic Joker's Network) G:\program files\TClockEx\Win32\Clock.exe
(Rocket Division Software) G:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
(James Garton) G:\program files\Wallpaper Master\Wallpaper.exe
(EnTech Taiwan) C:\MultiRes\MultiRes.exe
(Brad Jackson) G:\program files\WKeyKill\WKeyKill.exe
(Jay Elaraj) G:\program files\taskbar_shuffle\taskbarshuffle.exe
(Almico Software (www.almico.com)) G:\program files\SpeedFan\speedfan.exe
(Ceiiular) G:\program files\Show Desktop\Show Desktop.exe
(NTWind Software) G:\program files\VistaSwitcher\vswitch.exe
() G:\program files\AeroSnap\AeroSnap.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(PortableApps.com) G:\PortableApps\LibreOfficePortable\LibreOfficePortable.exe
(The Document Foundation) G:\PortableApps\LibreOfficePortable\App\libreoffice\program\soffice.exe
(Mozilla) G:\PortableApps\SunbirdPortable\App\sunbird\sunbird.exe
(LifeSniffer) G:\program files\BBK\BBK.exe
(The Document Foundation) G:\PortableApps\LibreOfficePortable\App\libreoffice\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
() G:\program files\PhenomMsrTweaker\PhenomMsrTweakerService.exe
() G:\program files\PhenomMsrTweaker\PhenomMsrTweaker.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TrayFactory] => G:\program files\PS Tray Factory\PSTrayFactory.exe [1304576 2010-05-25] (PS Soft Lab)
HKLM\...\Run: [AutoShutdown] => G:\program files\AutoShutdown\AutoShutdown.exe [631808 2003-10-06] (Barefoot Productions, Inc.)
HKLM\...\Run: [EvtMgr6] => G:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => G:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-25] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [PowerPanel Personal Edition User Interaction] => G:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [379280 2015-06-08] (Cyber Power Systems, Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => G:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM\...\RunOnce: [PSTF] => G:\program files\PS Tray Factory\PSTrayFactory.exe [1304576 2010-05-25] (PS Soft Lab)
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-05-27] (ATI Technologies Inc.)
HKU\S-1-5-19\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Run: [DAEMON Tools Lite] => G:\Program Files\DAEMON Tools\DTLite.exe -autorun
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Run: [Dekisoft Monitor Off Utility] => G:\program files\MonitorOff\monoff.exe [430592 2009-08-31] (Dekisoft)
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Run: [CryptoMonitorSU] => G:\Program Files\EasySync Solutions\EasySync CryptoMonitor\CryptoMonitor.exe [2028296 2015-06-30] (EasySync Solutions)
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoNetworkConnections] 0x01000000
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoStrCmpLogical] 0x01000000
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoDriveAutoRun] 0xFFFFFF03
HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-823518204-746137067-682003330-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\Washingt.scr [12570681 2011-04-10] ()
HKU\S-1-5-18\...\Run: [20090604] => G:\Program Files\Broderbund\Mavis Beacon Platinum - 25th Anniversary Edition\RegApp\encore_reg.exe [102522 2009-06-12] (DataLode, Inc.)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x43010000
HKU\S-1-5-18\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoUserNameInStartMenu] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => G:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-25] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to startup.brs.lnk [2011-04-28]
ShortcutTarget: Shortcut to startup.brs.lnk -> G:\program files\Batchrun\startup.brs ()
BootExecute: autocheck autochk /k:F *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-823518204-746137067-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272050581828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - G:\program files\Belarc\Advisor\System\BAVoilaX.dll [2009-06-25] (Belarc, Inc.)
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - G:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll [1999-07-02] (Microsoft Corporation)
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - G:\program files\BEAT THE MARKET\OWC10.DLL [2002-06-06] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\mk8rr51w.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-30] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> G:\Program Files\DivX\DivX Web Player\npdivx32.dll [2008-10-06] (DivX,Inc.)
FF Plugin: @garmin.com/GpsControl -> G:\Program Files\Garmin GPS Plugin\npGarmin.dll [2012-05-30] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> g:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> G:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> G:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> G:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> G:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-22] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> G:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> G:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: G:\Program Files\mozilla firefox\plugins\mfc71.dll [2003-03-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: G:\Program Files\mozilla firefox\plugins\msvcr71.dll [2003-02-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: G:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-05-17] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: G:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2010-04-11] (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: G:\Program Files\mozilla firefox\plugins\npmfv.dll [2009-08-15] (IBM Corporation)
FF Extension: Java Console - G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-17] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-08] [not signed]
StartMenuInternet: FIREFOX.EXE - G:\program files\Firefox\App\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AutoShutdown; G:\program files\AutoShutdown\AS_Service.exe [143872 2003-10-06] (Barefoot Productions, Inc.) [File not signed]
R2 avast! Antivirus; G:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-25] (AVAST Software)
S3 CTUPnPSv; G:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S4 Diskeeper; G:\Program Files\Executive Software\DiskeeperLite\DKService.exe [176128 2002-10-16] (Executive Software International, Inc.) [File not signed]
S4 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-03-02] ()
S3 IDriverT; G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 LBTServ; G:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [295192 2011-09-27] (Logitech, Inc.)
R2 MbaeSvc; G:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; G:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PhenomMsrTweaker; G:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe [19456 2009-03-19] () [File not signed]
R2 ppped; G:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [1071504 2015-06-08] (Cyber Power Systems, Inc.)
R2 StarWindService; G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-01] (Rocket Division Software) [File not signed]
S3 WMPNetworkSvc; G:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2009-01-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2010-04-23] (Meetinghouse Data Communications) [File not signed]
R0 ahcix86; C:\WINDOWS\System32\DRIVERS\ahcix86.sys [189968 2009-09-02] (Advanced Micro Devices, Inc)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [19200 2006-06-09] (SlySoft, Inc.) [File not signed]
S4 AODDriver; C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys [7168 2009-02-22] () [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-09-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-25] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [789296 2015-09-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434184 2015-09-25] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-09-25] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-09-25] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-25] (AVAST Software)
S4 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-03-06] () [File not signed]
R2 cpuz132; C:\WINDOWS\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25104 2015-05-07] (Disc Soft Ltd)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [27392 2005-05-03] (SlySoft, Inc.) [File not signed]
R2 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [8064 2006-04-21] (Elaborate Bytes AG) [File not signed]
R3 ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [4608 2005-04-12] (Elaborate Bytes AG) [File not signed]
R1 ESProtectionDriver; G:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-07-22] ()
S4 etdrv; C:\WINDOWS\etdrv.sys [17488 2009-09-11] (Windows ® 2000 DDK provider)
S4 gdrv; C:\WINDOWS\gdrv.sys [17488 2010-10-12] (Windows ® 2000 DDK provider)
S4 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 Pcatip; C:\WINDOWS\System32\DRIVERS\Pcatip.sys [25088 2002-12-11] (VSO Software) [File not signed]
R3 Pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [47360 2009-09-20] (VSO Software) [File not signed]
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed]
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [580096 2008-06-10] (Ralink Technology, Corp.) [File not signed]
R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [3734976 2009-06-24] (Realtek Semiconductor Corp.)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [329384 2015-05-07] (Duplex Secure Ltd.)
S4 vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [223128 2009-09-20] (Alcohol Soft Co., Ltd.)
R0 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [24320 2006-04-22] (Elaborate Bytes AG) [File not signed]
R3 WinRing0_1_2_0; G:\program files\PhenomMsrTweaker\WinRing0.sys [14416 2008-07-26] (OpenLibSys.org)
U3 a7efyecq; C:\WINDOWS\system32\Drivers\a7efyecq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 UnlockerDriver5; G:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-03-03] () [File not signed]
U3 ac1oo1h7; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-03 08:49 - 2015-11-03 17:43 - 00002501 _____ C:\Documents and Settings\All Users\Start Menu\Programs\PhenomMsrTweaker.lnk
2015-10-18 10:28 - 2015-10-18 10:28 - 00000000 ____D C:\Documents and Settings\username\Application Data\gambatte
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\Documents and Settings\username\Desktop\&nxmuloklsjtmjklwkxexx
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\Documents and Settings\username\AAODFxcvaklsjtmjklwkxelssz
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\Documents and Settings\^xcvaklsjtmjklwkxelssz
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\%hualklsjtmjklwkxerswa
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\!mwrklsjtmjklwkxebrutp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-03 17:52 - 2015-08-11 09:26 - 00000000 ____D C:\FRST
2015-11-03 17:52 - 2011-09-05 09:25 - 00000000 ____D C:\Documents and Settings\username\Local Settings\temp
2015-11-03 17:43 - 2015-09-24 19:08 - 00000000 ____D G:\Program Files\PhenomMsrTweaker
2015-11-03 17:39 - 2015-05-28 12:14 - 00035531 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-03 13:04 - 2009-09-05 15:17 - 00602280 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-03 13:03 - 2009-10-09 10:49 - 00000000 ____D C:\Documents and Settings\username\Application Data\Mozilla
2015-11-03 13:01 - 2011-04-26 18:02 - 00000000 ____D G:\Program Files\taskbar_shuffle
2015-11-03 13:01 - 2009-09-04 22:54 - 00000000 ____D G:\Program Files\SpeedFan
2015-11-03 13:00 - 2015-07-10 18:26 - 00000000 ____D G:\Program Files\CyberPower PowerPanel Personal Edition
2015-11-03 13:00 - 2015-05-18 16:52 - 00000000 ____D G:\Program Files\MonitorOff
2015-11-03 13:00 - 2010-03-08 21:43 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-03 13:00 - 2010-03-08 21:43 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-11-03 13:00 - 2009-09-06 20:50 - 00000000 ____D G:\Program Files\AutoShutdown
2015-11-03 13:00 - 2003-06-20 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-03 12:59 - 2012-06-02 17:17 - 00315930 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-11-03 12:59 - 2009-09-05 19:30 - 00000178 ___SH C:\Documents and Settings\username\ntuser.ini
2015-11-03 12:59 - 2009-09-05 19:30 - 00000000 ____D C:\Documents and Settings\username
2015-11-03 11:03 - 2015-10-03 11:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2015-10-30 18:33 - 2015-10-02 18:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-30 18:33 - 2012-10-06 07:09 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-30 18:33 - 2012-01-27 23:33 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-25 10:29 - 2009-09-05 19:56 - 00000000 ____D C:\Documents and Settings\username\Local Settings\Application Data\Adobe
2015-10-17 10:52 - 2012-12-01 14:44 - 03707230 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-746137067-682003330-1003-0.dat
2015-10-17 09:56 - 2003-06-20 07:00 - 00001452 _____ C:\WINDOWS\win.ini
2015-10-05 19:57 - 2009-09-05 19:21 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2015-10-04 11:40 - 2009-09-11 07:37 - 00000000 __SHD C:\WINDOWS\CSC

==================== Files in the root of some directories =======

2009-09-20 18:25 - 2010-05-30 16:45 - 0000083 ___SH () C:\Documents and Settings\username\Application Data\.zreglib
2009-09-26 10:36 - 2010-01-14 21:34 - 0000055 _____ () C:\Documents and Settings\username\Application Data\iRotate.INI
2013-01-26 22:12 - 2015-10-03 19:40 - 0000045 _____ () C:\Documents and Settings\username\Application Data\jdm.conf
2009-10-10 07:57 - 2009-11-25 20:48 - 0007680 _____ () C:\Documents and Settings\username\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-16 20:11 - 2009-09-16 20:11 - 0000136 _____ () C:\Documents and Settings\username\Local Settings\Application Data\fusioncache.dat

Files to move or delete:
====================
C:\Documents and Settings\username\en_res.dll
C:\Documents and Settings\username\es_res.dll
C:\Documents and Settings\username\fr_res.dll
C:\Documents and Settings\username\grm_res.dll
C:\Documents and Settings\username\it_res.dll
C:\Documents and Settings\username\jp_res.dll
C:\Documents and Settings\username\mfc80u.dll
C:\Documents and Settings\username\msvcr80.dll
C:\Documents and Settings\username\PCPE Setup.exe
C:\Documents and Settings\username\pt_res.dll
C:\Documents and Settings\username\ResourceReader.dll
C:\Documents and Settings\username\ru_res.dll
C:\Documents and Settings\username\zh_res.dll


Some files in TEMP:
====================
C:\Documents and Settings\username\Local Settings\temp\sfamcc00001.dll
C:\Documents and Settings\username\Local Settings\temp\sfareca00001.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-10-2015
Ran by username (2015-11-03 17:52:58)
Running from G:\Data\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-09-06 00:27:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-823518204-746137067-682003330-500 - Administrator - Enabled)
ASPNET (S-1-5-21-823518204-746137067-682003330-1005 - Limited - Enabled)
username (S-1-5-21-823518204-746137067-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\username
Guest (S-1-5-21-823518204-746137067-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-823518204-746137067-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-823518204-746137067-682003330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12noon Display Changer (HKLM\...\12noon Display Changer) (Version: 4.3.1.0 - 12noon)
1st Clock 3.0 RC1 (30-day trial) (HKLM\...\1st Clock_is1) (Version: 3.0 - Green Parrots Software)
3D Fish School 2 Screen Saver (HKLM\...\3D Fish School 2 Screen Saver_is1) (Version: 2.22 - Gelios Software)
7-Zip 4.43 beta (HKLM\...\7-Zip) (Version:  - )
Abound Screensaver 1.0 (HKLM\...\Abound Screensaver_is1) (Version:  - Heroic Virtue Creations)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AeroSnap 0.61 (HKLM\...\{1DCCB2B0-A482-464F-94F6-1219693E34F0}_is1) (Version:  - Christian Schoch)
Aftermath 2.0 (inc addon packs A-D) (HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Aftermath 2.0 (inc addon packs A-D)) (Version:  - )
AGEIA PhysX v7.07.09 (HKLM\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
Algebra 2 7.0 (HKLM\...\alg2) (Version: 7.0 - Homeworkhelp.com)
AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
Angel Writer 3.1 (HKLM\...\{7A4CFCAC-68DC-4A56-AFCB-DA236E8B363F}_is1) (Version: 3.1 - Angelic Software)
Any Video Converter 3.3.9 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AnyDVD (HKLM\...\AnyDVD) (Version:  - SlySoft)
AnyFolder shell extension (HKLM\...\FoldersDLL) (Version:  - )
A-PDF Restrictions Remover 1.6 (HKLM\...\A-PDF Restrictions Remover_is1) (Version:  - A-PDF Solution)
A-Ray Scanner 2.0.2.3 (HKLM\...\A-Ray Scanner) (Version: 2.0.2.3 - A-Ray Software)
AsfTools 3.1 (remove only) (HKLM\...\AsfTools 3.1) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{0928B2C5-0B16-C2FB-7BAE-A25901414687}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
ATI Parental Control & Encoder (Version: 3.0 - ATI Technologies Inc.) Hidden
Audacity 1.3.7 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd)
AutoHotkey 1.0.37.01 (HKLM\...\AutoHotkey) (Version: 1.0.37.01 - Chris Mallett)
AutoShutdown Pro v4.3 (HKLM\...\AutoShutdown Pro v4.3) (Version:  - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.4.2233 - AVAST Software)
Batchrun 4.1 (HKLM\...\Batchrun 4.1) (Version: 4.0 - Outer Technologies)
Battlefield 1861 (HKLM\...\Battlefield 1861) (Version:  - )
Battlefield 1942 (HKLM\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 2™ (HKLM\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Battlefield Vietnam™ (HKLM\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version:  - )
Battlefield Vietnam: WW2 Mod (HKLM\...\{F989306B-9287-444F-AE73-E30C7E4AF0F5}) (Version:  - )
Battlegroup42 Vietnam 0.1 Pacific (HKLM\...\Battlegroup42 Vietnam 0.1 Pacific) (Version:  - )
BEAT THE MARKET (HKLM\...\{D5AA8A1B-E8EB-4B3B-8D48-4A5DE7CA0A0A}) (Version: 5.6.2 - Gold Simulations)
Before You Know It 3.6 (HKLM\...\{9CF6C5C0-B884-4ABB-8904-ADA76EC8DDB3}) (Version: 3.6 - Transparent Language, Inc.)
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version:  - )
Beyond Compare Version 2.2.7 (HKLM\...\BC2_is1) (Version:  - Scooter Software)
Bf1918 3.0  (HKU\S-1-5-21-823518204-746137067-682003330-1003\...\Bf1918 3.0 ) (Version:  - )
BlindBossKey 1.1.3 Lite (HKLM\...\{07F477F3-BBB5-4222-ACDD-05F58700546E}_is1) (Version:  - LifeSniffer)
BlindWrite suite (HKLM\...\BlindWrite Suite_is1) (Version: 4.2.7 - VSO Software)
BlindWrite5 (HKLM\...\BlindWrite 5_is1) (Version: 5.2.24.163 - VSO Software)
Burnout™ Paradise The Ultimate Box (HKLM\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
Call of Duty - United Offensive (HKLM\...\InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}) (Version: 1.00.0000 - Activision)
Call of Duty - United Offensive (Version: 1.00.0000 - Activision) Hidden
Call of Duty (HKLM\...\Call of Duty) (Version:  - )
Call of Duty® 2 (HKLM\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision)
Call of Duty® 2 (Version: 1.2 - Activision) Hidden
Call of Duty® 2 Patch 1.3 (Version: 1.3 - ) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ (Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version: 1.7 - Activision) Hidden
ccc-core-preinstall (Version: 2009.0603.1160.19656 - ATI) Hidden
ccc-core-static (Version: 2009.0603.1160.19656 - ATI) Hidden
ccc-core-static (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - )
CDCheck (HKLM\...\CDCheck) (Version:  - )
Chemistry 3.5 (HKLM\...\chem) (Version: 3.5 - Homeworkhelp.com)
CloneCD (HKLM\...\CloneCD) (Version:  - SlySoft)
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
College Exam Prep 2004 (HKLM\...\{03B2B595-1ACB-4162-B35E-19D42D32CF75}) (Version: 3.01.0000 - Examprep.us)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
ConBuilder (HKLM\...\ConBuilder) (Version: 2.7.2.0 - WEIruan)
Copy-Discovery 2000 2.06 (HKLM\...\{39165CF8-0ACA-451F-B1F6-6FB60EB09B00}_is1) (Version:  - Koda)
CPUID CPU-Z 1.52.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Centrale (HKLM\...\Creative Centrale) (Version:  - Creative Technology Ltd.)
Creative Centrale (Version: 1.02.04 - Creative Technology Ltd.) Hidden
Creative Removable Disk Manager (HKLM\...\Creative Removable Disk Manager) (Version:  - )
Creative Software Update (Version: 1.00.14 - Creative Technology Ltd.) Hidden
Creative ZEN Mozaic User's Guide (HKLM\...\ZENMozaicUG) (Version:  - Creative Technology Ltd.)
CryEngine®2 Sandbox™2 (HKLM\...\{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}) (Version: 1.00.0000 - Electronic Arts)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Crysis® SP Demo (HKLM\...\{92AF2F5A-4407-4A03-A80A-5A2582264746}) (Version: 1.00.0000 - Electronic Arts)
CyberPower PowerPanel Personal Edition 1.5.2 (HKLM\...\{5FFA96BB-1C09-4E93-882A-99980DEC650B}) (Version: 1.5.2 - Cyber Power Systems, Inc.)
DaemonScript (HKLM\...\{0A21D2E9-F8A2-4CF9-88D7-E04A1C4C90AE}) (Version: 1.6.2 - Andareed)
DC Realism 1.0 (HKLM\...\DC Realism 1.0) (Version:  - )
DCFX (HKLM\...\DCFX) (Version: 1.a - )
DCXtended .9 (HKLM\...\DCXtended .9) (Version:  - )
Delta Force Black Hawk Down Demo (HKLM\...\Delta Force Black Hawk Down Demo) (Version:  - )
DH Driver Cleaner Professional Edition (HKLM\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
Diskeeper Lite (HKLM\...\{A3F60446-48FB-48A8-B5FC-BB3430AEF806}) (Version: 7.0.418 - Executive Software International, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.30 - Runtime Software)
Dup Detector (HKLM\...\DupDetector) (Version:  - )
DVD Identifier (HKLM\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
Easy Tune 6 B09.0515.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B09.0515.1 (Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.0610.1  (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
EasySync CryptoMonitor (HKLM\...\EasySync CryptoMonitor 2.0.503.0) (Version: 2.0.503.0 - EasySync Solutions)
EasySync CryptoMonitor (Version: 2.0.503.0 - EasySync Solutions) Hidden
Elevated Installer (Version: 2.4.6.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
ERUNT 1.1h (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eve of Destruction 0.15 (HKLM\...\EoD_0.15) (Version:  - )
Eve of Destruction 2.0 Levels (HKLM\...\Eve of Destruction Levels_is1) (Version: 2.0 - Eve of Destruction)
Eve of Destruction v2.0 (HKLM\...\Eve of Destruction_is1) (Version: 2.0n - Eve of Destruction)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Exact Audio Copy 0.95b4 (HKLM\...\Exact Audio Copy) (Version: 0.95b4 - Andre Wiethoff)
Extra POI Editor (HKLM\...\Extra_POI_Editor) (Version:  - )
Filzip 2.01 (HKLM\...\Filzip 2.0.1.6_is1) (Version: 2.01.6 - Philipp Engel)
foobar2000 v0.9.4.3 (HKLM\...\foobar2000) (Version: 0.9.4.3 - Peter Pawlowski)
Forgotten Honor (HKLM\...\Forgotten Honor_is1) (Version:  - )
Forgotten Hope 0.70 (HKLM\...\Forgotten Hope) (Version: 0.70 - Forgotten Hope Mod Team)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.1.2.1013 - Foxit Software Company)
Foxreal YouTube FLV Downloader version: 1.0.1.1 (HKLM\...\{1EE1BE7E-1F9A-4150-B95D-74415BCCF4D8}_is1) (Version:  - )
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Freemake Video Converter version 3.0.0 (HKLM\...\Freemake Video Converter_is1) (Version: 3.0.0 - Ellora Assets Corporation)
Galactic Conquest Release 5.3 (HKLM\...\Galactic Conquest Mod) (Version: Release 5.3 - Galactic Conquest Mod Team)
Garmin BaseCamp (HKLM\...\{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}) (Version: 3.3.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{29382fb9-c7e9-45a6-a223-db732d64f6a6}) (Version: 2.4.6.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (Version: 2.4.6.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (HKLM\...\{5CA74EDC-CFC3-4FA0-AED7-1415CA19F250}) (Version: 2.7.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Geometry 7.0 (HKLM\...\6th) (Version: 7.0 - Homeworkhelp.com)
Google SketchUp 8 (HKLM\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)
Google Update Helper (Version: 1.3.21.123 - Google Inc.) Hidden
GTK+ 2.8.18-1 runtime environment (HKLM\...\WinGTK-2_is1) (Version:  - Tor Lillqvist)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Human 3D LR1n (HKLM\...\{F03538CD-A245-4772-B9F3-655E6DCB34B1}) (Version: 1.00.0000 - ContMedia)
IconArt (HKLM\...\IconArt) (Version: 2.0.1 - ConWare)
ID3 renamer 2.15.15 (HKLM\...\id3renamer.cincura.net_is1) (Version: 2.15.15 - Jiri Cincura)
ID3-TagIT 3 (HKLM\...\ID3-TagIT 3_is1) (Version: 3 - Michael Pluemper)
ImageMagick 6.7.7-6 Q16 (2012-06-01) (HKLM\...\ImageMagick 6.7.7 Q16_is1) (Version: 6.7.7 - ImageMagick Studio LLC)
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
JaVaWa Device Manager 2.3 (HKLM\...\{4D700EE8-5A7D-43C1-B4E2-BC8A22B482DD}_is1) (Version: 2.3 - JaVaWa GPS-tools)
Jays Snipping Tool (HKU\S-1-5-21-823518204-746137067-682003330-1003\...\e891758400ca417b) (Version: 1.0.0.12 - Missoula Software)
Karen's Directory Printer (HKLM\...\Karen's Directory Printer) (Version: 5.2.0.6 - Karen Kenworthy)
K-Lite Mega Codec Pack 5.1.6 (HKLM\...\KLiteCodecPack_is1) (Version: 5.1.6 - )
LibreOffice 4.4 Help Pack (English (United States)) (HKLM\...\{B50EA0C4-243C-47ED-B48C-C9B461A4018D}) (Version: 4.4.1.2 - The Document Foundation)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Magic 2000 ScreenSaver (HKLM\...\Magic2000) (Version:  - )
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mavis Beacon Platinum - 25th Anniv. Ed. (HKLM\...\{7DCD379D-8420-4A20-9E08-45FA9EFA7EBA}) (Version: 21.00.0000 - Broderbund)
MaXimus DVD Version 1.2 (HKLM\...\ST6UNST #1) (Version:  - )
Maxwell for SketchUp 8 (Standalone) (HKLM\...\{756EBD0B-E4EB-468B-9C7F-42C1FB91AEF6}) (Version: 2.7.22 - Next Limit Technologies)
Medal of Honor Airborne (HKLM\...\{25F28E39-FDBB-11DB-8314-0800200C9A66}) (Version: 1.0.1.0 - Electronic Arts)
Medal of Honor Allied Assault (HKLM\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
Medal of Honor Allied Assault™ Breakthrough (HKLM\...\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}) (Version:  - )
Medal of Honor Allied Assault™ Breakthrough Patch v2.40 (HKLM\...\{DF9046D6-5F1F-40B6-9782-3DC2D902D391}) (Version:  - )
Medal of Honor Allied Assault™ Spearhead (HKLM\...\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}) (Version:  - )
Medal of Honor Allied Assault™ Spearhead (HKLM\...\{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}) (Version:  - )
Medal of Honor Allied Assault™ Spearhead Patch 2.15 (HKLM\...\{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}) (Version:  - )
Medal of Honor Pacific Assault™ (HKLM\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.0 - Electronic Arts)
Medal of Honor Pacific Assault™ Patch2 (HKLM\...\{824539D7-D27E-4CC3-B36F-6404B5EB726B}) (Version: 1.0 - Electronic Arts)
MediaMonkey 3.0 (HKLM\...\MediaMonkey_is1) (Version: 3.0 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Encarta Encyclopedia 2000 (HKLM\...\Encarta Encyclopedia 2000 A) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Train Simulator (HKLM\...\Train Simulator 1.0) (Version:  - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Word 2000 SR-1 (HKLM\...\{00170409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Mp3 Tag Tools v1.2 (HKLM\...\mtt12) (Version:  - )
Mp3tag v2.48 (HKLM\...\Mp3tag) (Version: v2.48 - Florian Heidenreich)
MSTS Patch 1.8.0521 EN (HKLM\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.8.052113 - George)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero Media Player (HKLM\...\NMPUninstallKey) (Version:  - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Norton PartitionMagic (Version: 8.05.000 - Symantec) Hidden
Norton PartitionMagic 8.0 (HKLM\...\InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}) (Version: 8.05.000 - Symantec)
Norwegian Resistance Hotfix 0.86 (HKLM\...\Norwegian Resistance Hotfix 0.86) (Version:  - )
Norwegian Resistance v0.85 (HKLM\...\Norwegian Resistance v0.85) (Version:  - )
Norwegian Resistance v0.86b Hotfixhotfix (HKLM\...\Norwegian Resistance v0.86b Hotfixhotfix) (Version:  - )
Nvu 1.0 (HKLM\...\Nvu_is1) (Version: 1.0 - Linspire Inc.)
OneTouch Version 3.0 (HKLM\...\OneTouch Version 3.0) (Version: Version 3.0 - Visioneer Inc.)
Opera 10.10 (HKLM\...\{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}) (Version: 10.10 - Opera Software ASA)
Paint Shop Pro 7 Try And Buy (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}) (Version: 3.36.0 - dotPDN LLC)
PanaVue ImageAssembler (HKLM\...\PanaVue ImageAssembler) (Version:  - )
PANZERS DEMO #2 (HKLM\...\PANZERS DEMO #2) (Version:  - )
PaperPort 7.02 (HKLM\...\PaperPort 7.02) (Version:  - )
PDF Password Remover v2.1 (HKLM\...\PDF Password Remover v2.1_is1) (Version:  - verypdf.com Inc)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.5 - Frank Heindörfer, Philip Chinery)
pdfsam (HKLM\...\pdfsam) (Version: 1.0.1 - )
PE Builder 3.1.10a (HKLM\...\PE Builder_is1) (Version:  - Bart Lagerweij)
PhenomMsrTweaker (HKLM\...\{7FB8C701-194B-4214-A527-7B1DBB6442FA}) (Version: 1.2.2 - Martin Kinkelin)
Physics I 3.5 (HKLM\...\phy1) (Version: 3.5 - Homeworkhelp.com)
Planetarium (HKLM\...\Planetarium) (Version:  - )
PoE v1.0.0.0 (HKLM\...\PoE) (Version: 1.0.0.0 - Point of Existence)
PriceSparrow (HKLM\...\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}) (Version: 1.4.42 - Adspired GmbH) <==== ATTENTION
PS Tray Factory 3.2 (HKLM\...\PS Tray Factory_is1) (Version:  - PS Soft Lab)
PS/2 Rate Adjuster PLUS (HKLM\...\PS/2 Rate Adjuster PLUS_is1) (Version:  - )
PunkBuster for Battlefield Vietnam (HKLM\...\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}) (Version:  - )
QuickTime 3.0 (HKLM\...\QuickTime 3.0) (Version:  - )
RAR Password Recovery Magic v6.1.1.232 (HKLM\...\RAR Password Recovery Magic_is1) (Version:  - Password Recovery Magic Studio Ltd.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5919 - Realtek Semiconductor Corp.)
RegSupreme 1.3 (HKLM\...\RegSupreme_is1) (Version:  - )
RegWorks 1.3.4 (HKLM\...\RegWorks_is1) (Version:  - RegWorks Software, Inc.)
SereneScreen Marine Aquarium 2.6 (HKLM\...\SereneScreen Marine Aquarium 2.6_is1) (Version: 2.6 - Prolific Publishing, Inc.)
Signature995 (HKLM\...\Signature995) (Version:  - )
SiSoftware Sandra Lite 2009.SP4 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1) (Version: 15.124.2009.9 - SiSoftware)
Skins (Version: 2009.0603.1160.19656 - ATI) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Star Trek Armada II DEMO (HKLM\...\Star Trek Armada II DEMO) (Version:  - )
Star Trek Bridge Commander (HKLM\...\Bridge Commander) (Version:  - )
Star Trek Legacy (HKLM\...\{287A4E96-AC57-4A19-9B51-C5EED2EAB382}) (Version: 1.00.0000 - Bethesda Softworks)
Star Trek Legacy Patch v1.1 (HKLM\...\{CF937220-C6A5-438F-AB5C-8C7CD5F6DEA3}) (Version: 1.10.0000 - Bethesda Softworks)
Star Trek Legacy Patch v1.2 (HKLM\...\{A0595C97-DB17-429D-AB24-8594019B9A6C}) (Version: 1.20.0000 - Bethesda Softworks)
Star Trek Voyager Elite Force Demo (HKLM\...\{05AE3000-4385-11D4-87A3-00A0C98CB762}) (Version:  - )
Star Trek: Armada Demo (HKLM\...\Activision_StarTrekArmadaDemoUninstallKey) (Version:  - )
Star Wars Battlefront (HKLM\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - LucasArts)
Stargate Single Player (HKLM\...\Stargate Single Player) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Train Store V3.2 (HKLM\...\Train Store V3.2) (Version:  - )
Trigonometry 7.0 (HKLM\...\TRIG) (Version: 7.0 - Homeworkhelp.com)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
uberOptions 4.60.4 (HKLM\...\uberOptions) (Version: 4.60.4 - Richard L. Owens)
Unlocker 1.8.1 (HKLM\...\Unlocker) (Version: 1.8.1 - Cedrick Collomb)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
US Government 1.5 (HKLM\...\usg) (Version: 1.5 - Homeworkhelp.com)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
ViGlance (HKLM\...\ViGlance) (Version: 1.0.0.1306 - Lee-Soft.com)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VistaSwitcher (HKLM\...\VistaSwitcher) (Version: 1.1.5 - NTWind Software)
Visual Install Pack (HKLM\...\{F7988B35-38CE-4432-ABF3-4FCAB533AE0C}) (Version: 81.21 - Phoenixx1771)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VP-Man (HKLM\...\VPMan_is1) (Version:  - c00l cODINGs)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.9.0.0 - Azureus Software, Inc.)
W311U (HKLM\...\{36BD5CFB-D7E8-4A33-B037-A5238616E74D}) (Version: 1.00.0000 - Tenda)
Washington, DC #1 (HKLM\...\Washington, DC #1) (Version:  - )
Washington, DC #2 (HKLM\...\Washington, DC #2) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-823518204-746137067-682003330-1003\...\WinDirStat) (Version:  - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden
Writing Master 1.5 (HKLM\...\writing) (Version: 1.5 - Homeworkhelp.com)
XAce Plus v2.6 (HKLM\...\XAce Plus v2.6) (Version:  - )
XBCD 1.07 (HKLM\...\XBCD) (Version: 1.07 - Redcl0ud)
XnView 1.92 (HKLM\...\XnView_is1) (Version: 1.92 - Gougelet Pierre-e)
XP16 (HKLM\...\{DFE146DD-8526-4BC7-A9E7-B8E8A220C776}) (Version: 1.00.0000 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

10-07-2015 17:31:59 Removed PowerChute Personal Edition 3.0.2
10-07-2015 18:26:42 Installed CyberPower PowerPanel Personal Edition 1.5.2
11-07-2015 18:48:59 System Checkpoint
12-07-2015 19:23:29 System Checkpoint
14-07-2015 18:18:41 System Checkpoint
15-07-2015 18:25:31 System Checkpoint
17-07-2015 16:13:00 System Checkpoint
18-07-2015 20:59:45 System Checkpoint
20-07-2015 18:05:13 System Checkpoint
21-07-2015 18:59:20 System Checkpoint
22-07-2015 19:23:25 System Checkpoint
23-07-2015 19:43:19 System Checkpoint
25-07-2015 17:58:50 System Checkpoint
26-07-2015 18:34:53 System Checkpoint
27-07-2015 19:30:34 System Checkpoint
28-07-2015 20:02:57 System Checkpoint
29-07-2015 20:10:41 System Checkpoint
31-07-2015 13:28:19 System Checkpoint
01-08-2015 17:40:34 System Checkpoint
02-08-2015 18:38:46 System Checkpoint
03-08-2015 18:42:15 System Checkpoint
05-08-2015 18:29:21 System Checkpoint
06-08-2015 18:38:55 System Checkpoint
11-08-2015 09:24:42 Restore Operation
11-08-2015 10:40:05 Restore Operation
11-08-2015 11:01:07 Restore Operation
11-08-2015 11:13:09 Restore Operation
24-09-2015 18:58:42 Removed PhenomMsrTweaker
24-09-2015 18:59:03 Removed PhenomMsrTweaker
24-09-2015 19:00:12 Installed PhenomMsrTweaker
24-09-2015 19:06:48 Removed PhenomMsrTweaker
24-09-2015 19:08:06 Installed PhenomMsrTweaker
25-09-2015 10:38:13 pre-emsisoft
25-09-2015 10:57:57 avast! antivirus system restore point
25-09-2015 11:00:13 Installed Windows XP Wdf01009.
25-09-2015 11:07:14 avast! antivirus system restore point
03-10-2015 11:23:31 Removed Java 8 Update 45
03-10-2015 11:48:23 Installed EasySync CryptoMonitor
20-10-2015 19:08:34 Monopoly v2.00.101 Crack - By Maggot Brain Installation
03-11-2015 08:48:30 Removed PhenomMsrTweaker
03-11-2015 08:49:47 Installed PhenomMsrTweaker
03-11-2015 17:40:02 Removed PhenomMsrTweaker
03-11-2015 17:40:13 Removed PhenomMsrTweaker

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-06-20 07:00 - 2011-09-21 17:40 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => G:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-09 17:56 - 2015-09-25 10:58 - 00103376 _____ () G:\Program Files\AVAST Software\Avast\log.dll
2015-07-09 17:56 - 2015-09-25 10:58 - 00123976 _____ () G:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-03 08:52 - 2015-11-03 08:52 - 03014608 _____ () G:\Program Files\AVAST Software\Avast\defs\15110300\algo.dll
2009-09-06 20:51 - 2003-10-06 09:31 - 00069632 _____ () G:\program files\AutoShutdown\ASIdle.dll
2011-03-26 18:32 - 2010-04-26 01:18 - 00053248 _____ () G:\program files\PS Tray Factory\HKDll.dll
2010-05-31 12:05 - 1999-04-22 19:22 - 00003584 _____ () G:\program files\WKeyKill\WKeyKill.dll
2011-04-26 18:02 - 2008-04-13 14:32 - 00165376 _____ () G:\program files\taskbar_shuffle\tbhookin.dll
2011-10-07 04:41 - 2011-10-07 04:41 - 00879896 _____ () G:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2015-03-14 20:35 - 2015-09-25 10:58 - 40539648 _____ () G:\Program Files\AVAST Software\Avast\libcef.dll
2015-10-03 13:26 - 2015-11-03 13:01 - 00172032 _____ () C:\Documents and Settings\username\Local Settings\temp\sfareca00001.dll
2015-10-03 13:26 - 2015-11-03 13:01 - 00192512 _____ () C:\Documents and Settings\username\Local Settings\temp\sfamcc00001.dll
2013-05-17 20:21 - 2008-12-06 18:32 - 00886784 _____ () G:\program files\AeroSnap\AeroSnap.exe
2013-05-17 20:21 - 2008-12-06 18:31 - 00046080 _____ () G:\program files\AeroSnap\AeroSnap.Application.dll
2015-11-03 13:25 - 2015-11-03 13:25 - 00011264 _____ () C:\Documents and Settings\username\Local Settings\temp\nsqE.tmp\System.dll
2015-11-03 13:25 - 2015-11-03 13:25 - 00121344 _____ () C:\Documents and Settings\username\Local Settings\temp\nsqE.tmp\xml.dll
2015-09-24 18:49 - 2010-02-05 11:29 - 00065536 _____ () G:\PortableApps\SunbirdPortable\Data\profile\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
2015-09-17 22:10 - 2015-09-17 22:10 - 01037416 _____ () G:\PortableApps\LibreOfficePortable\App\libreoffice\program\libxml2.dll
2015-09-17 22:09 - 2015-09-17 22:09 - 00372840 _____ () G:\PortableApps\LibreOfficePortable\App\libreoffice\program\glew32.dll
2015-09-17 22:10 - 2015-09-17 22:10 - 00182376 _____ () G:\PortableApps\LibreOfficePortable\App\libreoffice\program\libxslt.dll
2015-09-17 22:10 - 2015-09-17 22:10 - 00116328 _____ () G:\PortableApps\LibreOfficePortable\App\libreoffice\program\python3.dll
2015-09-17 20:09 - 2015-09-17 20:09 - 00049152 _____ () G:\PortableApps\LibreOfficePortable\App\libreoffice\program\python-core-3.3.3\lib\_socket.pyd
2009-09-07 09:40 - 2010-03-15 11:28 - 00141824 _____ () G:\Program Files\WinRAR\rarext.dll
2006-09-15 01:07 - 2006-09-15 01:07 - 00143872 _____ () G:\Program Files\7-Zip\7-zip.dll
2009-03-19 03:15 - 2009-03-19 03:15 - 00019456 _____ () G:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe
2009-03-19 03:15 - 2009-03-19 03:15 - 00113664 _____ () G:\program files\PhenomMsrTweaker\PhenomMsrTweaker.exe

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-823518204-746137067-682003330-1003\Control Panel\Desktop\\Wallpaper -> G:\program files\Wallpaper Master\wallImageusername.bmp
DNS Servers: Media is not connected to internet.
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Application\torch.exe] => Enabled:Torch
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe] => Enabled:hola_plugin.exe
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe] => Enabled:hola_plugin_x64.exe
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\Battlefield 1942\BF1942.exe] => Disabled:BF1942
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\Battlefield Vietnam\bfvietnam.exe] => Disabled:bfvietnam
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\Battlefield 2\bf2_w32ded.exe] => Disabled:bf2_w32ded
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\MOHAA\MOHAA.exe] => Disabled:Medal of Honor Allied Assault
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\MOHAA\moh_spearhead.exe] => Disabled:Medal of Honor Allied Assault™ Spearhead
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\MOHAA\moh_Breakthrough.exe] => Disabled:Medal of Honor Allied Assault™ Breakthrough
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe] => Disabled:Medal of Honor Pacific Assault™
StandardProfile\AuthorizedApplications: [G:\program files\Firefox\App\Firefox\firefox.exe] => Enabled:Firefox
StandardProfile\AuthorizedApplications: [G:\program files\Mozilla Sunbird\sunbird.exe] => Disabled:Sunbird
StandardProfile\AuthorizedApplications: [G:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe] => Disabled:SiSoftware Deployment Agent Service
StandardProfile\AuthorizedApplications: [G:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe] => Disabled:SiSoftware Sandra Agent Service
StandardProfile\AuthorizedApplications: [G:\program files\windows media player\wmplayer.exe] => Disabled:Windows Media Player
StandardProfile\AuthorizedApplications: [G:\program files\Foolish IT\CryptoPrevent\CryptoPrevent.exe] => Enabled:CryptoPrevent.exe
StandardProfile\AuthorizedApplications: [G:\Program Files\AVG\AVG10\avgmfapx.exe] => Disabled:AVG Installer
StandardProfile\AuthorizedApplications: [G:\program files\Vuze\Azureus.exe] => Disabled:Azureus / Vuze
StandardProfile\AuthorizedApplications: [G:\program files\EA GAMES\Battlefield 2\BF2.exe] => Disabled:Battlefield 2
StandardProfile\AuthorizedApplications: [G:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe] => Disabled:Burnout™ Paradise The Ultimate Box
StandardProfile\AuthorizedApplications: [G:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe] => Disabled:Burnout™ Paradise The Ultimate Box
StandardProfile\AuthorizedApplications: [G:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe] => Disabled:Burnout™ Paradise The Ultimate Box
StandardProfile\AuthorizedApplications: [G:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe] => Disabled:Call of Duty® 4 - Modern Warfare™
StandardProfile\AuthorizedApplications: [G:\program files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe] => Disabled:Crysis_32_sp_demo
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe] => Disabled:hola_plugin.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe] => Disabled:hola_plugin_x64.exe
StandardProfile\AuthorizedApplications: [G:\program files\JDownloader_PortableApps\CommonFiles\Java\bin\javaw.exe] => Disabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [G:\program files\Java\jre6\bin\javaw.exe] => Disabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [G:\PortableApps\LibreOfficePortable\App\libreoffice\program\soffice.bin] => Disabled:LibreOffice
StandardProfile\AuthorizedApplications: [G:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe] => Disabled:Medal of Honor Airborne
StandardProfile\AuthorizedApplications: [G:\program files\operator\Opera\opera.exe] => Disabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [G:\program files\Opera\opera.exe] => Disabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Application\torch.exe] => Disabled:Torch

==================== Faulty Device Manager Devices =============

Name: VAXSCSI Controller
Description: VAXSCSI Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: vaxscsi
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: AL29FC3X IDE Controller
Description: AL29FC3X IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: ac1oo1h7
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2015 05:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cpuz.exe, version 1.5.2.2, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [cpuz.exe!ws!]

Error: (11/03/2015 05:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cpuz.exe, version 1.5.2.2, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [cpuz.exe!ws!]

Error: (11/03/2015 05:40:13 PM) (Source: MsiInstaller) (EventID: 11722) (User: US-426F0D755718)
Description: Product: PhenomMsrTweaker -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action _F5CB094F_BC85_47E0_A404_860FF0D9B470, location: G:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe, command: -u (NULL)(NULL)(NULL)(NULL)

Error: (11/03/2015 05:40:02 PM) (Source: MsiInstaller) (EventID: 11722) (User: US-426F0D755718)
Description: Product: PhenomMsrTweaker -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action _F5CB094F_BC85_47E0_A404_860FF0D9B470, location: G:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe, command: -u (NULL)(NULL)(NULL)(NULL)

Error: (11/03/2015 05:22:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cpuz.exe, version 1.5.2.2, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [cpuz.exe!ws!]

Error: (11/03/2015 08:50:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cpuz.exe, version 1.5.2.2, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [cpuz.exe!ws!]

Error: (11/03/2015 08:29:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cpuz.exe, version 1.5.2.2, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [cpuz.exe!ws!]

Error: (09/25/2015 08:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cpuz.exe, version 1.5.2.2, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [cpuz.exe!ws!]

Error: (09/24/2015 07:11:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cpuz.exe, version 1.5.2.2, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [cpuz.exe!ws!]

Error: (09/24/2015 06:59:02 PM) (Source: MsiInstaller) (EventID: 11721) (User: US-426F0D755718)
Description: Product: PhenomMsrTweaker -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _F5CB094F_BC85_47E0_A404_860FF0D9B470, location: G:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe, command: -u (NULL)(NULL)(NULL)(NULL)


System errors:
=============
Error: (11/03/2015 05:39:25 PM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/03/2015 08:47:47 AM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/30/2015 06:34:34 PM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/17/2015 05:54:52 PM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/17/2015 10:54:43 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/17/2015 10:53:58 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/17/2015 10:53:34 AM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (10/14/2015 05:49:20 PM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/03/2015 11:26:19 AM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/03/2015 11:22:04 AM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 240 Processor
Percentage of memory in use: 50%
Total physical RAM: 1790.42 MB
Available physical RAM: 882.49 MB
Total Virtual: 3684.11 MB
Available Virtual: 2882.71 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:29.29 GB) (Free:9.14 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (CRUZER) (Removable) (Total:0.95 GB) (Free:0.12 GB) FAT32
Drive g: (Programs) (Fixed) (Total:436.46 GB) (Free:34.4 GB) NTFS
Drive i: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 95CB95CB)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=436.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 977.5 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=977 MB) - (Type=0B)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: 69FC7055)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0C)

==================== End of Addition.txt ============================



#6 Tiger-Heli

Tiger-Heli
  • Topic Starter

  • Members
  • 171 posts

Posted 04 November 2015 - 08:59 AM

Background, status, and additional concerns:

 

I rebooted the computer (I usually hibernate it) and a window from Adobe popped up saying an update for Flash Player was available, and gave me an option to install it, but the PC was offline, so I cancelled out of it for the time being.
I was wanting it to just update in the background without asking me first.  (Adobe isn't a major concern, though, b/c the distribution version installs properly.  It's just a hassle to have to keep checking the distro website to see if anything has been updated.)

Also - I went through the BlackViper list of default configurations and came up with these differences, but I'm not sure which ones might be causing an issue and which ones are not good to enable:

Automatic Updates - Disabled - Default Automatic (Started)
Background Intelligent Transfer Service - Manual (Started) - Default Manual
Clipbook - Manual - Default Disabled
Computer Browser - Disabled - Default Automatic (Not Started)
Distributed Link Tracking Client - Disabled - Default Automatic (Started)
Fast user Switching - Manual - Default Manual (Started)
Human Interface Device Access - Automatic (Started) - Default Disabled
Indexing Service - Manual - Default Automatic (Started)
Net Logon - Disabled - Default Manual
NetMeeting Remote Desktop Sharing - Disabled - Default Manual
Network Connections - Manual (started) - Default Manual
Network Location Awareness (NLA) - Disabled - Default Manual (Started)
Performance Logs and Alerts - Disabled - Default Manual
QoS RSVP - Disabled - Default Manual
Remote Access connection Manager - Manual (Started) - Default Manual
Remote Desktop Help Session Manager - Disabled - Default Manual
Remote Procedure Call Locator - Automatic (Started) - Default Manual
Remote Registry - Disabled - Default Automatic (Started)
Security center - Manual - Default Automatic (Started)
Shell Hardware Detection - Disabled - Default Automatic (Started)
Smart Card - Disabled - Default Manual
SSDP Discovery Service - Disabled - Default Manual (Started)
Task Scheduler - Disabled - Default Automatic (Started)
TCP/IP NetBIOS Helper Service - Manual - Default Automatic (Started)
Telephony - Manual (Started) - Default Manual
WebClient - Manual - Default Automatic (Started)
Windows Image Acquisition - Automatic (Started) - Default Manual

 

CryptoPrevent support said none of these would disable their updates, but I'm not sure - and I don't want to blindly enable or disable services to test.  However, not being able to update CryptoPrevent is like running a six-month-old un-updated AntiVirus - it's better than nothing, but ...

 

PhenomMSRTweaker and the related service seem to randomly stop working.  Minor annoyance, but it is a pain to have to check every so often and re-install the service (I mainly use it for undervolting the CPU).

 

I'm a bit concerned about the Alphabet folders above:

2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\Documents and Settings\username\Desktop\&nxmuloklsjtmjklwkxexx
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\Documents and Settings\username\AAODFxcvaklsjtmjklwkxelssz
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\Documents and Settings\^xcvaklsjtmjklwkxelssz
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\%hualklsjtmjklwkxerswa
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ___HD C:\!mwrklsjtmjklwkxebrutp

Then again - I don't see that folder or file on the desktop, so perhaps it is something created by FRST and later removed.

 

Thanks in advance!!!
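
Added example, not part of any post in this thread: a Python script that decodes the `%%NNNN` codes in the DCOM 10005 events from the Addition.txt log and checks each failing service against the start types listed in the post above. The Win32 error names and the service-key-to-display-name mapping are supplied here as assumptions of the example, and the sample input is a shortened, constructed excerpt in the shape of the thread's own lines.

```python
"""Decode DCOM 10005 service-start failures and compare them with a service list."""
import re
from collections import Counter

# Win32 error codes that DCOM prints as "%%NNNN" (names from winerror.h).
WIN32_ERRORS = {
    1058: "ERROR_SERVICE_DISABLED",      # service is disabled or has no enabled devices
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",  # service cannot be started in Safe Mode
}

# Service key name -> Windows XP display name (mapping supplied for this example).
SERVICE_DISPLAY_NAMES = {
    "wuauserv": "Automatic Updates",
    "EventSystem": "COM+ Event System",
}

# Constructed sample: shortened excerpt in the shape of the Addition.txt events.
SAMPLE_EVENTS = '''\
Error: (11/03/2015 05:39:25 PM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/03/2015 08:47:47 AM) (Source: DCOM) (EventID: 10005) (User: US-426F0D755718)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""

Error: (10/17/2015 10:54:43 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
'''

# Constructed sample: three lines in the "Name - Current - Default X" shape of the post.
SAMPLE_SERVICES = '''\
Automatic Updates - Disabled - Default Automatic (Started)
Background Intelligent Transfer Service - Manual (Started) - Default Manual
Task Scheduler - Disabled - Default Automatic (Started)
'''

DCOM_RE = re.compile(
    r'DCOM got error "%%(\d+)" attempting to start the service (\S+) with arguments')


def parse_dcom_failures(log_text):
    """Count (service key, Win32 code) pairs found in DCOM 10005 descriptions."""
    return Counter((m.group(2), int(m.group(1))) for m in DCOM_RE.finditer(log_text))


def parse_service_list(text):
    """Parse 'Name - Current - Default X' lines into {name: (current, default)}."""
    services = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.rsplit(" - ", 2)]
        if len(parts) != 3 or not parts[1]:
            continue
        name, current, default = parts
        default_words = default.split()
        if len(default_words) < 2 or default_words[0].lower() != "default":
            continue
        # Keep only the start type; drop "(Started)" and the leading "Default".
        services[name] = (current.split()[0], default_words[1])
    return services


def correlate(log_text, service_text):
    """For each failing service, decode the error and look up its listed start type."""
    services = parse_service_list(service_text)
    findings = []
    for (svc, code), count in sorted(parse_dcom_failures(log_text).items()):
        display = SERVICE_DISPLAY_NAMES.get(svc)
        current, default = services.get(display, (None, None))
        findings.append({
            "service": svc,
            "display_name": display,
            "events": count,
            "error": WIN32_ERRORS.get(code, "unknown (%d)" % code),
            "listed_start_type": current,
            "default_start_type": default,
            # True only when the log error is fully accounted for by the list.
            "explained_by_list": code == 1058 and current == "Disabled",
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS, SAMPLE_SERVICES):
        print(finding)
```
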



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 November 2015 - 10:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Using the Add/Remove Programs and Features remove these programs in bold.
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
PriceSparrow (HKLM\...\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}) (Version: 1.4.42 - Adspired GmbH) <==== ATTENTION

p.s.
Hijackthis is no longer supported and the other is Adware.

===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

U3 a7efyecq; C:\WINDOWS\system32\Drivers\a7efyecq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 ac1oo1h7; no ImagePath
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Application\torch.exe] => Enabled:Torch
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe] => Enabled:hola_plugin.exe
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe] => Enabled:hola_plugin_x64.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe] => Disabled:hola_plugin.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe] => Disabled:hola_plugin_x64.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Application\torch.exe] => Disabled:Torch
C:\Documents and Settings\username\Local Settings\temp\sfamcc00001.dll
C:\Documents and Settings\username\Local Settings\temp\sfareca00001.dll
C:\WINDOWS\system32\Drivers\a7efyecq.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

What are the remaining issues?

p.s.

DNS Servers: Media is not connected to internet.

Something to look at if the problem persists.

#8 Tiger-Heli

Tiger-Heli
  • Topic Starter

  • Members
  • 171 posts

Posted 10 November 2015 - 07:04 AM

I removed Hijack This and Price Sparrow from Add/Remove programs with no issues.

 

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:31-10-2015
Ran by username (2015-11-09 19:33:45) Run:6
Running from G:\Data\Desktop
Loaded Profiles: username (Available Profiles: username)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

U3 a7efyecq; C:\WINDOWS\system32\Drivers\a7efyecq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 ac1oo1h7; no ImagePath
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Application\torch.exe] => Enabled:Torch
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe] => Enabled:hola_plugin.exe
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe] => Enabled:hola_plugin_x64.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe] => Disabled:hola_plugin.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe] => Disabled:hola_plugin_x64.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\username\Local Settings\Application Data\Torch\Application\torch.exe] => Disabled:Torch
C:\Documents and Settings\username\Local Settings\temp\sfamcc00001.dll
C:\Documents and Settings\username\Local Settings\temp\sfareca00001.dll
C:\WINDOWS\system32\Drivers\a7efyecq.sys

End
*****************

Restore point was successfully created.
Processes closed successfully.
a7efyecq => service not found.
ac1oo1h7 => service not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\username\Local Settings\Application Data\Torch\Application\torch.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\username\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\username\Local Settings\Application Data\Torch\Application\torch.exe => value removed successfully.
C:\Documents and Settings\username\Local Settings\temp\sfamcc00001.dll => moved successfully
C:\Documents and Settings\username\Local Settings\temp\sfareca00001.dll => moved successfully
"C:\WINDOWS\system32\Drivers\a7efyecq.sys" => not found.
EmptyTemp: => 47.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:33:59 ====

 

The DNS Servers error is NOT a problem - I use a USB wireless dongle that was not connected when I ran FRST.

 

However, after re-booting I tried to update CryptoPrevent and still got the "Could Not Update" error.  I then updated the MalwareBytes anti-malware database successfully (which verified the internet connection was okay) and then tried CryptoPrevent again and got the same error message.

 

Again -  I think this is related to having services disabled when I ran BlackViper's guide, but I don't want to randomly enable them and CryptoPrevent support said that is not the issue, although they didn't say what the issue was.

 

Other issues - probably unrelated ...  Emsisoft Emergency Kit doesn't play well with Avast Free Antivirus - I tried to update EEK and got a bunch of Antivirus popups from AVAST.  I clicked fix a few times, then cancelled EEK, added C:\EEK to exclusions in Avast, and then the EEK scan ran fine and didn't find any issues.

 

A really odd thing - not sure if it is related to the above or not - I still use the Quick Launch bar in Windows XP SP3 - Somehow all of my shortcuts lost the command line options: i.e. I have a shortcut to Windows Explorer with the options "C:\Windows\explorer.exe /n, /e, /select, c:\"  The " /n, /e, /select, c:\" was dropped from that and my other shortcuts.  I restored them manually or from backups and haven't seen the issue again, but it seemed odd ...

 

Thanks again!!!


Edited by Tiger-Heli, 10 November 2015 - 07:05 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts

Posted 10 November 2015 - 10:28 AM

I would remove the CryptoPrevent using the Add/Remove programs applet.

Restart the computer normally.

Reinstall the application.

#10 Tiger-Heli

Tiger-Heli
  • Topic Starter

  • Members
  • 171 posts

Posted 11 November 2015 - 06:59 AM

Good suggestion, but uninstalling, rebooting, and re-installing didn't work.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts

Posted 11 November 2015 - 09:04 AM

I suggest you submit a ticket to Foolishit.com

https://support.foolishit.com/portal/community/

They should be able to help.

#12 Tiger-Heli

Tiger-Heli
  • Topic Starter

  • Members
  • 171 posts

Posted 11 November 2015 - 11:07 AM

Done - they ultimately recommended that I update to a newer  operating system.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts

Posted 11 November 2015 - 02:29 PM

Does it mean that the tool does not support XP?

#14 Tiger-Heli

Tiger-Heli
  • Topic Starter

  • Members
  • 171 posts

Posted 11 November 2015 - 05:14 PM

No - it clearly says it supports XP - they say they have hundreds or 1,000's of XP users.  They just said XP is not secure and I should really update the operating system.

 

My theory is that it is probably due to one of the services that I disabled, but I don't think they had an XP machine or wanted to set up a virtual installation and disable the same services and then re-enable them and see what combination made it work.

 

(I really should just enable the default config and see what that fixes, but I think a few of them should stay disabled ...)



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts

Posted 12 November 2015 - 08:21 AM

Let's check if some services need attention.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.



