Combofix stalls
ddp
Moderator
29. December 2013 @ 17:33
ps355528, would you suggest a low level format of the drive & a complete re-install of windows?
AfterDawn Addict
29. December 2013 @ 17:52
ccleaner has the ability to overwrite all free space on all partitions with as many as 35 passes. The only other way is to repave reinstall to be sure nothing is left in the files or apps. How far you take it depends on what you use it for...
ddp
Moderator
29. December 2013 @ 17:59
2oldGeek, who do you think introduced ccleaner to this site years ago?
AfterDawn Addict
29. December 2013 @ 18:04
who cares? it works..
ddp
Moderator
29. December 2013 @ 18:16
i know.
AfterDawn Addict
29. December 2013 @ 18:22
I know you know. that wasn't for your info.... lol
Paynor
Newbie
29. December 2013 @ 18:36
Back again. Trying again to post OTL logs, mbar is now running a scan and will post mbar logs in a few minutes.

OTL logs:

OTL logfile created on: 27/12/2013 07:19:22 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\T42-Win7\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.64% Memory free
4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.53% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59.05 Gb Total Space | 15.56 Gb Free Space | 26.35% Space Free | Partition Type: NTFS
Drive D: | 79.10 Gb Total Space | 3.96 Gb Free Space | 5.01% Space Free | Partition Type: NTFS
Drive F: | 3.61 Gb Total Space | 1.33 Gb Free Space | 36.85% Space Free | Partition Type: FAT32

Computer Name: T42-WIN7 | User Name: T42-Win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/12/24 19:36:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T42-Win7\Desktop\OTL.exe
PRC - [2013/11/12 15:28:02 | 001,144,544 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote 8\Programmes32\AgentAntidote.exe
PRC - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/02 03:08:22 | 000,692,328 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2013/05/28 11:50:02 | 000,218,112 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/12/23 12:33:08 | 000,134,416 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011/12/09 12:47:36 | 000,726,912 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
PRC - [2011/11/04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/10/20 09:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011/07/12 17:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 16:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 15:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011/07/12 15:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/04 10:42:58 | 002,411,520 | ---- | M] (GoldenDict) -- C:\Program Files\GoldenDict\GoldenDict.exe
PRC - [2010/10/27 12:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 04:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/03/18 04:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/11/24 10:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2009/11/24 10:25:34 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe
PRC - [2009/11/09 06:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
PRC - [2009/09/23 09:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2007/03/26 09:00:26 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1005MC.EXE
PRC - [2003/03/19 13:24:00 | 000,045,056 | ---- | M] (GNU) -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvsservice.exe
PRC - [2003/03/19 13:24:00 | 000,045,056 | ---- | M] () -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvslock.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/08/07 14:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2013/07/27 15:50:30 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\10ac4ed5a22a4882529e01cf7bd8b895\mscorlib.ni.dll
MOD - [2010/12/03 16:03:12 | 000,007,168 | ---- | M] () -- C:\Program Files\GoldenDict\GdTextOutSpy.dll
MOD - [2010/12/03 06:37:48 | 000,378,880 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qtiff4.dll
MOD - [2010/12/03 06:37:48 | 000,351,744 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qmng4.dll
MOD - [2010/12/03 06:37:48 | 000,286,720 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qjpeg4.dll
MOD - [2010/12/03 06:37:48 | 000,083,456 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qico4.dll
MOD - [2010/12/03 06:37:46 | 000,083,456 | ---- | M] () -- C:\Program Files\GoldenDict\imageformats\qgif4.dll
MOD - [2010/12/03 06:32:46 | 000,399,360 | ---- | M] () -- C:\Program Files\GoldenDict\QtXml4.dll
MOD - [2010/12/03 06:32:40 | 000,344,576 | ---- | M] () -- C:\Program Files\GoldenDict\phonon4.dll
MOD - [2010/12/03 06:32:28 | 017,314,816 | ---- | M] () -- C:\Program Files\GoldenDict\QtWebKit4.dll
MOD - [2010/12/03 06:32:22 | 001,149,440 | ---- | M] () -- C:\Program Files\GoldenDict\QtNetwork4.dll
MOD - [2010/12/03 06:32:18 | 000,043,008 | ---- | M] () -- C:\Program Files\GoldenDict\libgcc_s_dw2-1.dll
MOD - [2010/12/03 06:32:12 | 000,011,362 | ---- | M] () -- C:\Program Files\GoldenDict\mingwm10.dll
MOD - [2010/12/03 06:32:00 | 009,889,792 | ---- | M] () -- C:\Program Files\GoldenDict\QtGui4.dll
MOD - [2010/12/03 06:31:58 | 002,543,616 | ---- | M] () -- C:\Program Files\GoldenDict\QtCore4.dll
MOD - [2009/05/16 00:22:42 | 000,716,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
MOD - [2008/12/06 01:41:50 | 000,619,008 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll
MOD - [2005/04/19 18:38:00 | 000,396,288 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\service\sc_sysService.exe -- (sc_sysService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - File not found [Auto | Stopped] -- C:\Program Files\DisplayFusion\DisplayFusionService.exe -- (DisplayFusionService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Diafaan SMS Server\DiafaanMessageServer.exe -- (DiafaanMessageServer)
SRV - [2013/12/23 22:25:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/11 08:49:55 | 000,119,408 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/02 03:08:22 | 000,692,328 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2013/05/28 11:50:02 | 000,218,112 | ---- | M] () [Auto | Running] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/04 02:26:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/01/08 04:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/25 11:26:16 | 000,246,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Zain Broadband\UpdateDog\ouc.exe -- (Zain Broadband. RunOuc)
SRV - [2012/08/30 01:31:46 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2012/07/20 00:04:13 | 001,045,256 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/12/09 12:47:42 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) [Disabled | Stopped] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011/07/12 15:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011/07/12 15:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/07/12 09:16:32 | 000,175,104 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\FC.com\pev.3XE -- (PEVSystemStart)
SRV - [2011/03/14 10:27:28 | 000,271,712 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/07/11 09:24:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/11 05:53:46 | 000,606,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Traffic Shaper XP Server\bcserver.service -- (bcserver)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/03/18 04:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [Disabled | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/11/24 10:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/11/09 06:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:14:48 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2007/02/07 09:26:52 | 000,538,096 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)
SRV - [2003/03/19 13:24:00 | 000,045,056 | ---- | M] (GNU) [Auto | Running] -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvsservice.exe -- (CVS)
SRV - [2003/03/19 13:24:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\SC_TOOLS\visualCVS_server\exec\windows\cvsNt\cvslock.exe -- (CVSLock)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\T42-Win7\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\T42-Win7\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/08/02 02:37:50 | 000,027,648 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2013/07/04 15:38:20 | 000,188,176 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2013/07/04 15:37:08 | 000,115,984 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013/07/04 15:37:08 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013/07/04 15:37:08 | 000,094,480 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2012/12/25 11:26:17 | 000,377,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012/12/25 11:26:17 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/12/25 11:26:17 | 000,095,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/12/25 11:26:17 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/12/25 11:26:16 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/09/01 06:46:32 | 000,026,864 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/22 12:41:38 | 000,022,624 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\rspLLL32.sys -- (rspLLL)
DRV - [2012/06/11 03:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2011/12/26 20:10:35 | 000,033,080 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2011/12/16 10:53:01 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011/11/21 15:33:57 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011/10/07 18:24:36 | 000,126,976 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2011/09/28 05:55:54 | 000,061,568 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2011/09/28 05:55:39 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2011/08/30 01:35:44 | 000,138,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdcnet.sys -- (zgdcnet)
DRV - [2011/08/30 01:35:44 | 000,113,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdcnmea.sys -- (zgdcnmea)
DRV - [2011/08/30 01:35:44 | 000,113,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdcmdm.sys -- (zgdcmdm)
DRV - [2011/08/30 01:35:44 | 000,113,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdcdiag.sys -- (zgdcdiag)
DRV - [2011/08/30 01:35:44 | 000,113,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdcat.sys -- (zgdcat)
DRV - [2011/08/30 01:35:44 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_LTE.sys -- (massfilter_lte)
DRV - [2011/08/02 15:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/05/04 04:36:32 | 000,027,192 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2011/03/29 18:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011/03/29 18:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2011/03/18 08:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/02 06:33:12 | 000,053,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2010/11/20 07:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 05:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 07:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/08/25 11:39:00 | 000,013,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\prwntdrv.sys -- (prwntdrv)
DRV - [2010/07/28 22:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/07/11 05:53:45 | 000,226,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcim.sys -- (Bcim)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/02/09 08:53:28 | 000,023,304 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioLegacyKeyboard_DFU.sys -- (MADFULEGACYKEYBOARD)
DRV - [2010/02/09 08:53:24 | 000,167,304 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioLegacyKeyboard.sys -- (MAUSBLEGACYKEYBOARD)
DRV - [2010/01/26 14:45:34 | 000,026,160 | ---- | M] (hantek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DSO2090X862.SYS -- (DSO20902)
DRV - [2010/01/26 14:45:30 | 000,024,376 | ---- | M] (hantek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dso2090X861.sys -- (DSO20901)
DRV - [2010/01/06 19:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2009/08/28 13:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/08/27 14:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/08/05 16:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/08/05 14:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/07/28 22:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009/07/24 13:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:13:46 | 000,242,176 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTICH3.SYS -- (VSTHWICH)
DRV - [2009/07/13 17:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 17:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/19 11:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2009/06/19 11:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/06/19 11:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/06/17 13:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009/06/04 03:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/05/20 10:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/04/20 14:46:50 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/06 18:04:56 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/07/28 21:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008/05/06 09:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/19 04:40:34 | 000,053,760 | ---- | M] (Microchip Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mchpusb.sys -- (MCHPUSB)
DRV - [2007/11/08 09:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/07/04 19:57:54 | 000,873,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athru6.sys -- (athrusb6)
DRV - [2007/03/06 19:08:46 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
DRV - [2007/02/16 09:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2005/04/19 18:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2003/01/23 02:18:04 | 000,037,772 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ulink.sys -- (Usblink)
DRV - [2002/05/16 21:41:46 | 000,024,776 | ---- | M] (Motorola) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\COMMSB96.sys -- (CommSB96)
DRV - [2000/12/05 07:34:40 | 000,024,476 | ---- | M] (Motorola) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\COMMSBEP.sys -- (CommSBEP)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = removed link
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: removed link


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = removed link
IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: removed link
IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: removed link
IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: removed link
IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: removed link
IE - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaulturl: removed link
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://ixquick.com/|https://ixquick.com/eng/?&cat=web&query=&r=681211"
FF - prefs.js..extensions.enabledAddons: eliteproxyswitcher%40my-proxy.com:1.2.0.2
FF - prefs.js..extensions.enabledAddons: externalappbutton%40teo.pl:0.11
FF - prefs.js..extensions.enabledAddons: proxyselector%40mozilla.org:1.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..network.proxy.autoconfig_url: removed link
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@3ds.com/3dxml: C:\Program Files\Dassault Systemes\3D XML Player\intel_a\code\bin\NP3DXMLPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/11 08:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 08:49:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/11 08:49:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 08:49:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/04/28 04:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Extensions
[2011/04/28 04:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/12/13 08:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions
[2013/09/15 11:16:11 | 000,000,000 | ---D | M] (Autocopy) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2013/12/13 08:29:36 | 000,000,000 | ---D | M] (Module d'Antidote) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\antidote7_win_firefox_103@druide.com
[2013/07/11 18:53:10 | 000,016,275 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\eliteproxyswitcher@my-proxy.com.xpi
[2013/09/15 11:13:20 | 000,037,223 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\externalappbutton@teo.pl.xpi
[2013/10/24 16:00:04 | 000,833,307 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2013/08/18 15:27:36 | 000,046,885 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\proxyselector@mozilla.org.xpi
[2013/07/11 19:14:22 | 000,690,228 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\proxytool@proxylist.co.xpi
[2012/05/10 10:13:09 | 000,246,320 | ---- | M] () (No name found) -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\extensions\syncplaces@andyhalford.com.xpi
[2011/10/14 10:09:56 | 000,002,071 | ---- | M] () -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\searchplugins\absearch-search.xml
[2013/07/21 12:39:49 | 000,001,645 | ---- | M] () -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\searchplugins\ixquick-custom-search.xml
[2013/10/22 15:53:51 | 000,001,819 | ---- | M] () -- C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\searchplugins\ixquick-https.xml
[2013/12/11 08:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/11 08:49:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/11 08:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/11 08:49:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/05/17 14:46:03 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml.moz-backup
[2012/04/29 16:45:59 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/04/24 16:18:27 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/05/17 14:46:03 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml.moz-backup
[2011/05/17 14:46:03 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml.moz-backup
[2011/05/17 14:46:03 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml.moz-backup

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: removed link
CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.3.3_0\
CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\
CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/11/19 09:14:06 | 000,000,922 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files\Astroburn Toolbar\ABToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AgentAntidote32] C:\Program Files\Druide\Antidote 8\Programmes32\AgentAntidote.exe (Druide informatique inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000..\Run: [AVG-Secure-Search-Update_0913b] C:\Users\T42-Win7\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 3b65b9b60f3d9a991f302eeef2ae2aa0-3d18f4ad89fcddc54426870831530db41067c46f --CMPID 0913b File not found
O4 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000..\Run: [GoldenDict] C:\Program Files\GoldenDict\GoldenDict.exe (GoldenDict)
O4 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000..\Run: [One.com] C:\Program Files\OnecomCloudDrive\Dlls\AppLauncher.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: certifikat.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: certifikat.dk ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: nets-danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: nets-danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: certifikat.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: certifikat.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: nets-danid.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: nets-danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: virk.dk ([]https in Trusted sites)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0444CCCA-83EA-439C-A9C9-F2F5D0A3DFAB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07D255C3-A699-413A-88A5-9EEF785E4DB3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/08/09 23:58:10 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2012/09/11 19:33:44 | 004,964,295 | ---- | M] () - F:\Autoclave_18L_guide_EN1.pdf -- [ FAT32 ]
O32 - AutoRun File - [2012/08/09 23:58:10 | 000,000,016 | -H-- | M] () - F:\AUTORUN_.INF -- [ FAT32 ]
O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell\linuxlive3\command - "" = G:\wubi.exe
O33 - MountPoints2\{0fcd5888-7270-11df-ac13-806e6f6e6963}\Shell\linuxlive4\command - "" = H:\wubi.exe
O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell - "" = AutoRun
O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive3\command - "" = G:\wubi.exe
O33 - MountPoints2\{4431480a-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive4\command - "" = H:\wubi.exe
O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell - "" = AutoRun
O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive3\command - "" = G:\wubi.exe
O33 - MountPoints2\{44314817-0f9d-11e1-bbb2-00164113bfe4}\Shell\linuxlive4\command - "" = H:\wubi.exe
O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell\linuxlive3\command - "" = G:\wubi.exe
O33 - MountPoints2\{446333be-4f74-11e2-9c0c-001e101f8924}\Shell\linuxlive4\command - "" = H:\wubi.exe
O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell - "" = AutoRun
O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell\AutoRun\command - "" = J:\
O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell\linuxlive3\command - "" = G:\wubi.exe
O33 - MountPoints2\{9d156167-76e1-11e2-91f6-00164113bfe4}\Shell\linuxlive4\command - "" = H:\wubi.exe
O33 - MountPoints2\{a5eacadb-7cd3-11e0-a7a6-00164113bfe4}\Shell - "" = AutoRun
O33 - MountPoints2\{a5eacadb-7cd3-11e0-a7a6-00164113bfe4}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\G\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe
O33 - MountPoints2\G\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe
O33 - MountPoints2\G\Shell\linuxlive3\command - "" = G:\wubi.exe
O33 - MountPoints2\G\Shell\linuxlive4\command - "" = H:\wubi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/26 21:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/26 21:40:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/26 21:34:53 | 000,000,000 | --SD | C] -- C:\FC.com
[2013/12/26 19:29:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/26 19:29:44 | 001,061,649 | ---- | C] (Farbar) -- C:\Users\T42-Win7\Desktop\FRST.exe
[2013/12/26 18:57:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/26 18:57:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/26 18:57:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/26 18:57:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/26 18:50:05 | 001,937,144 | ---- | C] (Bleeping Computer, LLC) -- C:\rkill.exe.com
[2013/12/26 18:49:34 | 001,937,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\T42-Win7\Desktop\rkill.exe.com
[2013/12/26 18:30:08 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\Desktop\New Folder
[2013/12/26 18:29:13 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\Desktop\rootrepeal
[2013/12/26 16:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/12/26 16:02:22 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013/12/26 16:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013/12/26 15:05:53 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2013/12/26 15:05:32 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/12/26 14:58:33 | 081,224,032 | ---- | C] (Sophos Limited) -- C:\Users\T42-Win7\Desktop\Sophos Virus Removal Tool.exe
[2013/12/26 14:58:33 | 000,782,640 | ---- | C] (McAfee, Inc.) -- C:\Users\T42-Win7\Desktop\rootkitremover.exe
[2013/12/26 14:49:30 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\Desktop\mbam-chameleon-1.62.1.1000
[2013/12/26 14:12:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\T42-Win7\Desktop\OTL.exe
[2013/12/26 13:53:40 | 005,158,590 | R--- | C] (Swearware) -- C:\Users\T42-Win7\Desktop\FC.com.exe
[2013/12/25 08:52:48 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Users\T42-Win7\Desktop\mbar-1.07.0.1008.exe
[2013/12/24 19:28:08 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\T42-Win7\Desktop\tdsskiller.exe
[2013/12/24 19:28:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\T42-Win7\Desktop\dds.com
[2013/12/24 19:28:07 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\T42-Win7\Desktop\aswmbr.exe
[2013/12/24 19:06:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/12/24 17:03:02 | 012,184,544 | ---- | C] (OPSWAT, Inc.) -- C:\Users\T42-Win7\Desktop\AppRemover.exe
[2013/12/24 14:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/24 14:16:38 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\Desktop\mbar
[2013/12/14 22:32:29 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/14 22:32:27 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/14 22:32:26 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/14 22:32:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/12/14 22:32:23 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/14 22:32:22 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/14 22:32:22 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/12/14 22:32:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/12/14 22:32:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/12/14 22:32:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/12/14 22:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/12/14 22:30:10 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/14 22:29:31 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/14 22:29:03 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/14 22:29:03 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/11 08:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/10 22:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/12/07 11:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
[2013/12/07 11:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Printers
[2013/12/07 11:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2013/12/07 11:35:54 | 000,000,000 | ---D | C] -- C:\Users\T42-Win7\AppData\Local\Downloaded Installations
[2013/12/07 10:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung PC Studio 7
[2013/12/02 10:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2011/09/29 01:11:06 | 000,431,888 | R--- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\riched20.dll

========== Files - Modified Within 30 Days ==========

[2013/12/27 06:47:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 21:47:07 | 000,710,674 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/26 21:47:07 | 000,140,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/26 21:45:24 | 000,030,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/26 21:45:24 | 000,030,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/26 21:41:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/26 21:40:18 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013/12/26 21:39:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/26 21:39:48 | 1609,818,112 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/26 19:56:30 | 005,158,590 | R--- | M] (Swearware) -- C:\Users\T42-Win7\Desktop\FC.com.exe
[2013/12/26 19:17:50 | 001,061,649 | ---- | M] (Farbar) -- C:\Users\T42-Win7\Desktop\FRST.exe
[2013/12/26 18:43:08 | 001,937,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\T42-Win7\Desktop\rkill.exe.com
[2013/12/26 18:43:08 | 001,937,144 | ---- | M] (Bleeping Computer, LLC) -- C:\rkill.exe.com
[2013/12/26 16:02:23 | 000,003,209 | ---- | M] () -- C:\Users\T42-Win7\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/26 15:05:53 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2013/12/26 15:05:32 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/12/26 14:49:21 | 001,440,846 | ---- | M] () -- C:\Users\T42-Win7\Desktop\mbam-chameleon-1.62.1.1000.zip
[2013/12/26 14:48:26 | 081,224,032 | ---- | M] (Sophos Limited) -- C:\Users\T42-Win7\Desktop\Sophos Virus Removal Tool.exe
[2013/12/26 14:46:26 | 000,377,856 | ---- | M] () -- C:\Users\T42-Win7\Desktop\x5GM00ERj.exe
[2013/12/26 14:41:06 | 000,782,640 | ---- | M] (McAfee, Inc.) -- C:\Users\T42-Win7\Desktop\rootkitremover.exe
[2013/12/25 10:49:09 | 000,000,512 | ---- | M] () -- C:\Users\T42-Win7\Desktop\MBR.dat
[2013/12/25 08:53:25 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Users\T42-Win7\Desktop\mbar-1.07.0.1008.exe
[2013/12/24 20:41:31 | 000,000,620 | ---- | M] () -- C:\Users\T42-Win7\Desktop\ComboFix - Shortcut.lnk
[2013/12/24 19:36:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T42-Win7\Desktop\OTL.exe
[2013/12/24 19:08:22 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\T42-Win7\Desktop\aswmbr.exe
[2013/12/24 18:31:56 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\T42-Win7\Desktop\tdsskiller.exe
[2013/12/24 18:28:12 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\T42-Win7\Desktop\dds.com
[2013/12/24 17:11:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/24 14:41:00 | 012,184,544 | ---- | M] (OPSWAT, Inc.) -- C:\Users\T42-Win7\Desktop\AppRemover.exe
[2013/12/23 22:25:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/23 22:25:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/15 09:06:45 | 003,770,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/11 19:17:24 | 000,001,150 | ---- | M] () -- C:\Users\T42-Win7\Desktop\test.htm
[2013/12/11 18:51:38 | 000,000,103 | ---- | M] () -- C:\Users\T42-Win7\Desktop\completed.htm
[2013/12/11 18:50:38 | 000,000,103 | ---- | M] () -- C:\Users\T42-Win7\Desktop\cancelled.htm
[2013/12/11 09:00:23 | 000,002,000 | ---- | M] () -- C:\Users\T42-Win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/12/10 12:06:07 | 000,131,072 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/12/09 15:02:43 | 000,000,232 | ---- | M] () -- C:\Users\T42-Win7\Desktop\montrealweather.html
[2013/12/07 11:48:19 | 000,002,084 | ---- | M] () -- C:\Users\T42-Win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2013/12/07 11:48:19 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2013/12/07 10:58:42 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2013/12/02 10:22:34 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk

========== Files Created - No Company Name ==========

[2013/12/26 21:29:26 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2013/12/26 18:57:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/26 18:57:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/26 18:57:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/26 18:57:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/26 18:57:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/12/26 16:02:23 | 000,003,209 | ---- | C] () -- C:\Users\T42-Win7\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/26 14:58:39 | 000,377,856 | ---- | C] () -- C:\Users\T42-Win7\Desktop\x5GM00ERj.exe
[2013/12/26 14:49:09 | 001,440,846 | ---- | C] () -- C:\Users\T42-Win7\Desktop\mbam-chameleon-1.62.1.1000.zip
[2013/12/25 10:49:09 | 000,000,512 | ---- | C] () -- C:\Users\T42-Win7\Desktop\MBR.dat
[2013/12/24 20:41:31 | 000,000,620 | ---- | C] () -- C:\Users\T42-Win7\Desktop\ComboFix - Shortcut.lnk
[2013/12/11 18:53:56 | 000,001,150 | ---- | C] () -- C:\Users\T42-Win7\Desktop\test.htm
[2013/12/11 18:38:30 | 000,000,103 | ---- | C] () -- C:\Users\T42-Win7\Desktop\completed.htm
[2013/12/11 18:38:02 | 000,000,103 | ---- | C] () -- C:\Users\T42-Win7\Desktop\cancelled.htm
[2013/12/09 14:56:29 | 000,000,232 | ---- | C] () -- C:\Users\T42-Win7\Desktop\montrealweather.html
[2013/12/07 12:31:53 | 000,131,072 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2013/12/07 11:48:19 | 000,002,084 | ---- | C] () -- C:\Users\T42-Win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2013/12/07 11:48:19 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2013/12/07 10:58:42 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2013/11/01 16:45:06 | 000,001,471 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\recently-used.xbel
[2013/10/12 14:33:21 | 000,000,148 | -H-- | C] () -- C:\Windows\System32\WP007377.bin
[2013/10/12 14:33:21 | 000,000,148 | -H-- | C] () -- C:\Windows\AF683760.bin
[2013/10/01 15:35:29 | 000,216,064 | ---- | C] () -- C:\Windows\System32\gcapi_dll.dll
[2013/07/20 14:19:05 | 000,000,258 | RHS- | C] () -- C:\Users\T42-Win7\ntuser.pol
[2013/07/12 11:08:04 | 000,002,327 | ---- | C] () -- C:\Users\T42-Win7\bx86.bat
[2013/07/12 10:42:06 | 000,707,354 | ---- | C] () -- C:\Windows\unins000.exe
[2013/07/12 10:42:06 | 000,003,638 | ---- | C] () -- C:\Windows\unins000.dat
[2013/06/04 08:40:37 | 000,000,293 | ---- | C] () -- C:\Windows\dellstat.ini
[2013/06/04 08:39:34 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2013/06/04 08:39:34 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2013/06/04 08:39:34 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2013/06/04 08:39:34 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2013/06/04 08:39:34 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2013/06/04 08:39:34 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBChcp.dll
[2013/06/04 08:39:34 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBCinst.dll
[2013/06/04 08:39:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2013/06/04 08:39:33 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2013/06/04 08:39:33 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2013/06/04 08:39:33 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbcih.exe
[2013/06/04 08:39:33 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2013/06/04 08:39:33 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbcinsb.dll
[2013/06/04 08:39:33 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2013/06/04 08:39:32 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll
[2013/06/04 08:39:32 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbccoms.exe
[2013/06/04 08:39:32 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2013/06/04 08:39:32 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2013/06/04 08:39:31 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2013/06/04 08:39:31 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2013/06/04 08:39:31 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbccfg.exe
[2013/06/04 08:38:24 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll
[2013/06/04 08:38:23 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2013/05/21 15:06:32 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/01 09:01:26 | 000,038,495 | ---- | C] () -- C:\Users\T42-Win7\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013/01/01 04:36:10 | 000,099,400 | ---- | C] () -- C:\Windows\System32\setupprwdrv03.exe
[2013/01/01 04:36:10 | 000,013,704 | ---- | C] () -- C:\Windows\System32\prwntdrv.sys
[2012/09/19 04:07:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/14 04:28:55 | 000,073,728 | ---- | C] () -- C:\Windows\System32\HPMLVS60.dll
[2012/08/12 04:03:58 | 000,092,160 | ---- | C] () -- C:\Windows\smgrinst.exe
[2012/08/12 04:03:53 | 000,124,792 | ---- | C] () -- C:\Windows\Wiainst.exe
[2012/08/12 03:38:17 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sso2ml3.dll
[2012/08/03 09:08:31 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012/08/03 09:08:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012/07/30 06:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/07/30 06:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/07/30 06:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/07/30 06:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/07/28 11:03:42 | 000,009,379 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\Temp28.html
[2012/07/26 04:05:39 | 000,010,103 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\Temp54.html
[2012/07/26 04:05:28 | 000,003,193 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\Temp35.html
[2012/07/25 04:37:47 | 000,001,293 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\Temp1.html
[2012/07/20 00:10:37 | 000,027,520 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\dt.dat
[2012/07/14 09:04:00 | 000,037,772 | ---- | C] () -- C:\Windows\System32\drivers\ulink.sys
[2012/07/14 09:04:00 | 000,005,406 | ---- | C] () -- C:\Windows\System32\drivers\M5633.BIN
[2012/07/02 03:52:54 | 000,184,320 | ---- | C] () -- C:\Windows\TPBATHLP.EXE
[2012/06/23 10:28:50 | 000,001,533 | ---- | C] () -- C:\Users\T42-Win7\.davmail.properties
[2012/06/19 14:05:03 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2012/05/23 16:55:02 | 000,001,801 | ---- | C] () -- C:\Windows\unvpeye.ini
[2012/05/23 16:51:44 | 000,000,392 | ---- | C] () -- C:\Windows\WebEye.ini
[2012/05/23 14:47:41 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
[2012/05/23 14:47:39 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2012/05/15 07:36:05 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2012/02/29 10:59:15 | 000,046,592 | ---- | C] () -- C:\Windows\io.dll
[2012/02/16 09:42:15 | 000,098,304 | ---- | C] () -- C:\Windows\System32\jspWin.dll
[2012/02/13 05:31:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\MPMapTrace.dll
[2012/02/13 04:40:18 | 000,364,544 | ---- | C] () -- C:\Windows\System32\mpPathan.dll
[2012/02/01 11:42:32 | 000,008,704 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 18:44:07 | 000,006,746 | ---- | C] () -- C:\Users\T42-Win7\logo.png
[2011/11/02 11:44:41 | 000,007,608 | ---- | C] () -- C:\Users\T42-Win7\AppData\Local\Resmon.ResmonCfg
[2011/10/31 08:27:13 | 000,000,551 | ---- | C] () -- C:\Users\T42-Win7\AppData\Roaming\AutoGK.ini
[2011/04/25 15:44:52 | 000,000,001 | ---- | C] () -- C:\Users\T42-Win7\temp.dat
[2010/04/17 15:52:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/11 01:35:45 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/11 01:35:45 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/01/11 01:35:45 | 000,000,000 | ---D | M] -- C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
[2013/07/18 15:24:58 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\.kde
[2013/03/09 08:11:42 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\4Team
[2012/09/08 12:17:08 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Artisteer
[2011/05/09 17:12:20 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Astroburn Lite
[2013/08/24 14:49:59 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Audacity
[2011/10/31 14:37:28 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Broderbund
[2013/10/22 19:27:02 | 000,000,000 | -HSD | M] -- C:\Users\T42-Win7\AppData\Roaming\Common
[2012/02/09 11:46:02 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\ControlCenter4
[2011/04/27 14:27:16 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Cryptomathic
[2013/06/10 13:28:31 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\DAEMON Tools Lite
[2013/04/01 12:53:52 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\DassaultSystemes
[2011/04/23 03:49:38 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\DriverFinder
[2013/07/19 07:55:08 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Dropbox
[2013/10/12 14:23:13 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Druide
[2013/04/18 09:07:55 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\EndNote
[2011/10/14 10:05:52 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\FileOpen
[2013/12/11 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\FileZilla
[2013/10/09 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Foxit Software
[2013/11/05 10:04:08 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\gnupg
[2013/12/26 21:24:36 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\GoldenDict
[2012/07/02 12:40:12 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\gtk-2.0
[2012/03/11 09:59:17 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\HandyTimer
[2013/09/24 09:56:40 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\ImgBurn
[2013/08/29 10:59:13 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\InfraRecorder
[2011/04/24 16:15:34 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\IrfanView
[2013/07/25 12:10:03 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Juniper Networks
[2013/10/08 12:57:53 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\LibreOffice
[2012/07/20 04:27:34 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\MapInfo
[2012/07/19 02:47:55 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\MapWindow
[2013/09/23 09:45:37 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Microchip
[2013/03/01 13:01:01 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\MyPhoneExplorer
[2012/08/17 08:15:22 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Nokia
[2012/01/08 12:20:23 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Nuance
[2013/11/01 16:26:12 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\OnecomCloudDrive
[2010/06/11 01:57:13 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\OpenOffice.org
[2012/08/17 08:15:25 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\PC Suite
[2013/08/20 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\PDF Architect
[2012/05/16 03:14:06 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\PDF Software
[2013/03/28 15:41:48 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\pdfforge
[2012/04/24 12:43:07 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\PrimoPDF
[2012/06/11 11:07:30 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\PwrMgr
[2013/12/07 11:41:08 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Samsung
[2013/06/16 17:08:02 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\SketchUp
[2011/11/20 23:28:36 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Softplicity
[2011/11/03 07:55:51 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\SystemRequirementsLab
[2013/04/02 03:41:31 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\TeamViewer
[2013/06/28 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Termite
[2012/07/04 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Thunderbird
[2013/05/20 02:55:44 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Tracktion
[2012/12/17 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\TuneUp Software
[2013/05/21 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\URSoft
[2013/10/22 19:44:47 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\uTorrent
[2013/09/17 21:52:44 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\VideoEditor
[2011/11/08 11:59:33 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\WinZip
[2012/01/08 12:20:39 | 000,000,000 | ---D | M] -- C:\Users\T42-Win7\AppData\Roaming\Zeon

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 27/12/2013 07:19:22 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\T42-Win7\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.64% Memory free
4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.53% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59.05 Gb Total Space | 15.56 Gb Free Space | 26.35% Space Free | Partition Type: NTFS
Drive D: | 79.10 Gb Total Space | 3.96 Gb Free Space | 5.01% Space Free | Partition Type: NTFS
Drive F: | 3.61 Gb Total Space | 1.33 Gb Free Space | 36.85% Space Free | Partition Type: FAT32

Computer Name: T42-WIN7 | User Name: T42-Win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1118010790-1470065544-1912479761-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0850BD82-8ED3-4140-B3CC-B260BE0D10AF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{148F1974-F09C-4EE3-A317-A1748763F55D}" = rport=139 | protocol=6 | dir=out | app=system |
"{19CA4154-0E02-4E2F-A0C4-D210EA6213D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1DEFB0C3-8C49-47A8-AD13-39BBB5B297F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21610ECB-B5F6-47DF-A314-607E6E0CA2FE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2179ED44-6063-4EB7-83BD-7B091BA77F79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C0B4213-139C-4989-9EBD-49DE899179AA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2C2BB185-5B1E-4572-A04A-089A9F433FAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{374DCBA9-6287-4576-BE26-80083306784C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3802637D-D3DF-4855-B309-157B8E11D682}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E4241D2-E11C-474C-89FF-CD80C9995686}" = lport=137 | protocol=17 | dir=in | app=system |
"{4179677A-3023-4103-8AE3-8419B9910163}" = rport=137 | protocol=17 | dir=out | app=system |
"{4CD30EBB-DFD6-4510-B522-1AFDC257FC98}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5E3C2345-A7A2-4564-AB7E-A0E4296D73F5}" = lport=3702 | protocol=17 | dir=in | app=c:\program files\microsoft visual studio 11.0\common7\ide\wdexpress.exe |
"{6419BEEA-67DB-4219-A975-5F67156AA858}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{718EA571-E36B-46F0-A8E0-C94C78038238}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75EC0FA1-B361-46FB-98AB-8CCE8F6A85CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{78D6B1C7-28CB-4B5B-95D8-89549FA5374A}" = lport=139 | protocol=6 | dir=in | app=system |
"{7DB501A3-30A5-4C2B-A531-8E760809E741}" = lport=445 | protocol=6 | dir=in | app=system |
"{860AA3CB-F6D5-4792-8092-8150B8590B19}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8E0E6FB1-AEEA-4F8F-83CC-B8CDDD943EC5}" = lport=138 | protocol=17 | dir=in | app=system |
"{909BD4BE-2E54-4198-969A-33A9D7AE2BF7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98AD13AD-40F7-415F-BD32-B7D5D0CCD059}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A6A53265-0E17-42B2-ADC4-44BA5712AD35}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{A726362D-BA9F-428A-A574-7BEE2B4A60C1}" = rport=138 | protocol=17 | dir=out | app=system |
"{A834D71C-4BFF-47E4-92AF-4E8E18056E94}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AE090CFD-383D-4EB3-BF61-5DBC8E87A73E}" = rport=445 | protocol=6 | dir=out | app=system |
"{B1B2067A-3DDE-4633-B6A9-CC49823CF4BE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B4C02D5A-0C25-4243-B6D0-6919AAA82848}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BD53AAD4-5146-4AB0-8EE8-A4EB51EB06D7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C0A186E0-FD45-4E2C-AC7F-8C75AD6F2D9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9E6DA02-F88D-4778-B254-D893B6437D88}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F59EE8D3-4CA0-48AB-9BEA-1DF9F6F9C310}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F862B7A9-13A0-41E4-87BD-9CAA44D71864}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031AEC9D-57FB-4E60-99E5-79A099BA6B19}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4623\sscan2io.exe |
"{0B563C93-BCC2-45E2-9D2B-0605A9A09B2E}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{10D3A599-02FA-442E-A4D8-6A2D03138A11}" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpnserv.exe |
"{14C1905C-BA71-4ED9-968E-FF15544CECD3}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4623\sscan2io.exe |
"{15DD81BB-0929-4FC8-888D-617C1D039657}" = protocol=6 | dir=in | app=c:\belkin\printserver\setup.exe |
"{1922411B-4BD1-49A9-B737-A1CBFB082920}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbcpswx.exe |
"{19F4A129-C067-44C9-84D2-99504BD24E4E}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{1C0FC120-46A7-43F4-8FED-672B056C0B3B}" = protocol=6 | dir=in | app=c:\program files\diafaan sms server\diafaanmessageserver.exe |
"{1C44A4FE-7F66-44CC-95DD-05CDCF4F37A7}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe |
"{1D32AD94-E86C-4233-9AEA-9C8249FBC354}" = protocol=6 | dir=in | app=c:\program files\flashintegro\videoeditor\videoeditor.exe |
"{1D64267B-9A51-40E4-BE1E-E13E4EF65353}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21FE640F-E289-4FFD-8C47-72BEA9109078}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{242D01E1-9D71-4231-8F69-8620C25D3C59}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2C89315C-80DC-4070-AC4C-2C38A3A1471A}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4623\scan2pc.exe |
"{2CB55D73-9F0D-485F-A6D9-39C7B91C57AF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{3D8DACB0-732F-459C-BB09-28F94D653B1F}" = protocol=6 | dir=in | app=c:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe |
"{3E213315-3DD6-4EB2-AF3B-189575834AE1}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{4159D090-7E52-4200-88E9-4DDE6551C1A3}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{42069D39-36C7-4AE5-AF38-9628B5826704}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{460C55A1-8010-4283-A51D-EF7344B2B749}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{467C80C3-5B34-4072-84AB-8A6EA57228D8}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{4AF5FC25-E44D-433A-A199-41D2126F2E3B}" = protocol=17 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{4CABA915-2BCF-4B2D-A77B-5211F59E43D9}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{4E43BD39-727F-4EDE-9F3B-35FF06D4D829}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4FEFBF82-2497-4F53-9164-DE69BDCE0626}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{509FAD5D-BC13-4FB9-AC12-82F2D75998C1}" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"{52A26245-AC3F-4312-AC94-001DF55FD7BB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{53B64D00-4FEA-4B3B-9869-EACF2B756660}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{5C26C26B-7801-4F6D-BBDC-03775135CEA1}" = protocol=17 | dir=in | app=c:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe |
"{64FA24A3-7C8B-4256-99C5-A6ACB3FDD998}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{66A8E8C0-9257-48A8-B559-07CB228DFCC0}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1005mc.exe |
"{68EC30E2-97BC-4F35-A231-2D1510060A14}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1005mc.exe |
"{698E80AC-A296-4C15-87FD-D5C467F440F8}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicatorcom.exe |
"{6FA082BB-8C6D-4905-A119-540F0A5C1A8D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{734900E4-441B-4949-BEF0-645B166623B3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{79839120-6DF9-49A2-9CF6-2CB6878AC567}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{7DC79D44-0041-4959-8160-5FBD38E299CB}" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"{7EFE63FD-5FBF-46EB-8AD0-CBBA449F1092}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{842F21EA-688F-465A-8512-13C6EFB53744}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{8A154F44-B513-4BFC-827C-C413DB8C9981}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{8D4D0C76-3BF7-4293-8DEA-B1C83AB63E59}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9031C30F-A33C-46A8-8385-A459E3890C8C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{92E36746-BB9D-4F3E-B0DE-CEF78E1C6993}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{96279E4F-223C-4145-9FC3-3B8655FB5BD1}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\devicesetup.exe |
"{9AFEE02F-57AB-4276-BD12-FEBB76F9EE72}" = protocol=17 | dir=in | app=c:\program files\flashintegro\videoeditor\videoeditor.exe |
"{9C9AD73F-7637-4F3D-A2D2-A156FA27B724}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{9C9EB9B7-F813-40EE-8C5A-C3F37A3F5A9F}" = protocol=6 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{9FB9E672-38FC-4A73-A96E-4F7A3392A8BF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{A0448A53-AC2B-4778-B02A-2F9DAE7EF227}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A4263AAB-E26D-4AD9-8A68-EF58F012A270}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{AC3F7CA1-B223-447F-8F44-E78F5CDA2F5D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{AD8D3524-7F01-4D57-8EC4-BF69D56242A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AD960EDF-9711-4B9E-A604-6A06DEF129E6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B3FC84E7-6AB9-4231-954C-D0E4263F9338}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{B6CBFB29-D6C4-4F5C-8E42-327FD2FD5B2E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{B9CC6020-194F-48B6-BA27-558136C0EEE8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BBC90C3A-90D2-4F85-BF05-0725E6782933}" = protocol=17 | dir=in | app=c:\belkin\printserver\setup.exe |
"{BFD7DAE1-84FA-4D9C-B671-1834D72AD09F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{C0FC43C2-92E7-4B07-9011-8E335AC4E2C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2FEE7D5-CD39-45B9-86E6-CDBE43B2CF62}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{C3F625EA-5684-45A0-8E01-1E25B501C847}" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn-gui-1.0.3.exe |
"{C69EF43C-AA8C-4172-B0C7-70520F8A976F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{C7EF6C03-DDFA-4794-BAEC-064D12D372CF}" = protocol=6 | dir=in | app=c:\program files\flashintegro\videoeditor\updater.exe |
"{C9780EF7-72A5-42B1-A889-4A2129B7E5F9}" = protocol=17 | dir=in | app=c:\program files\flashintegro\videoeditor\updater.exe |
"{CD75C8F4-7B62-4630-A778-15EFE495BF36}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{CEEDB9F5-0523-4620-81F6-4929EFA967EE}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{CFDFCE34-6BB4-4159-9F30-F3F1F26A6113}" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn-gui-1.0.3.exe |
"{D0433A79-A1BC-4650-9F85-C02EE31C4356}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{D11F95FE-6426-48ED-AE79-14DF5246FD42}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{D1864BB4-283A-4B50-861F-77702DFAA0E6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D8C2A12C-E59C-4D3C-8853-36655AC31C84}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4623\scan2pc.exe |
"{DE64DBCE-3433-4873-94EC-5061AAA494D3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E714B649-43B9-41C0-A0D3-B11DBD9F5081}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{E89B8134-271D-4AB8-BF70-664F50B0CA64}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbcpswx.exe |
"{E9F4D1E9-0A2C-4CDD-911D-085B611768DD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{EA5A3AC6-5FA8-4593-AA8E-7254610236E5}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{EA742AFF-6198-463C-88F5-D21B4ECFD991}" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpnserv.exe |
"{ECA01903-617C-4B52-903E-665ED919C6A4}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{EDD62561-55F0-4C43-BA14-7103B9A6AB88}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EFA127D6-1297-47B3-8800-1D1D0EBBC14B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{F3A137A6-E387-4FED-857C-BE0F9CA89632}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F97A0228-70D0-4CAC-8021-15F344FA0A39}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FCA8F266-CA6A-4CB1-8F07-27A095F8B178}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FEC0B59F-E3D3-457E-B43E-ABA3392F2CC6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{FFE15238-99F8-4DD8-B405-D63B3DF2693B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{1E6E6D7C-A499-48E1-8F74-1DE841E7CC10}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{22A74F26-013F-4C56-8EE6-4FA4FDA8D5E0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{2A87FA2D-14F9-4C1D-B8DB-0CDE291178C6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{42899ADC-C149-409B-913C-4DF75CCBAE10}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{5F78E6EE-9FA4-4219-AC8C-0E65F1C78774}C:\program files\davmail\davmail.exe" = protocol=6 | dir=in | app=c:\program files\davmail\davmail.exe |
"TCP Query User{649B5754-E4FE-4DCD-98B1-9636B2151065}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{8380A434-1B7B-475B-A153-546AB96686DE}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{8D915036-25F3-4FD5-A49D-D21DA7B7C613}C:\program files\davmail\davmail.exe" = protocol=6 | dir=in | app=c:\program files\davmail\davmail.exe |
"TCP Query User{98030F19-2418-4DF1-92AD-8BDB4EC7F4AA}C:\vp-eye\avi\avi.exe" = protocol=6 | dir=in | app=c:\vp-eye\avi\avi.exe |
"TCP Query User{9D7ADDC8-BA45-496D-BAFA-DA382385725F}C:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{AE12BFFD-CB6D-46DE-93BA-91A814E32F9C}C:\program files\webeye\webeye.exe" = protocol=6 | dir=in | app=c:\program files\webeye\webeye.exe |
"TCP Query User{B467A9AB-6913-418F-943C-8F4AE5597177}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{B613A939-DF86-4301-A7A7-195B6F80C0F1}C:\belkin\printserver\setup.exe" = protocol=6 | dir=in | app=c:\belkin\printserver\setup.exe |
"TCP Query User{C6E980F5-F876-4246-93B7-57F6CDBE29BF}D:\utility\pd\bin\pd.com" = protocol=6 | dir=in | app=d:\utility\pd\bin\pd.com |
"TCP Query User{D137C079-A8A0-47D4-9ED1-99142A77CFA2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{D63E3AB6-1CC5-4762-9CFD-EDCC46DC2309}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{F9C3C05D-984F-422F-A6AB-814257BC4D09}C:\program files\bel\realterm\realterm.exe" = protocol=6 | dir=in | app=c:\program files\bel\realterm\realterm.exe |
"UDP Query User{10DEAADE-DA29-4291-A749-9D1C9ECAA27D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{1F54BAFE-9043-4FD8-B997-9899254C6487}C:\belkin\printserver\setup.exe" = protocol=17 | dir=in | app=c:\belkin\printserver\setup.exe |
"UDP Query User{309F7BA4-5831-46F5-B131-4A7E6F0A1097}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{3FAEC8F4-6356-45DD-BA74-068F87C99660}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4BAAE511-87D6-47B5-91D8-CE5F1781393B}C:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\t42-win7\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4DF93DA3-5A65-4398-BD31-91E2F90FB60F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5D8C6122-AAFF-46DB-BF65-243F212888BF}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{73A081CB-611F-4E0A-827F-83BA4200ACCC}D:\utility\pd\bin\pd.com" = protocol=17 | dir=in | app=d:\utility\pd\bin\pd.com |
"UDP Query User{760B2928-1E77-453F-AD7F-23CE27B1D6A4}C:\program files\webeye\webeye.exe" = protocol=17 | dir=in | app=c:\program files\webeye\webeye.exe |
"UDP Query User{7BAFBD3C-E71D-44A9-8634-87F1AE23C83A}C:\program files\davmail\davmail.exe" = protocol=17 | dir=in | app=c:\program files\davmail\davmail.exe |
"UDP Query User{7E15291B-E2F0-4C7A-92B2-671588458E23}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{83D29DF5-E36A-4F0B-9EE4-A70F9F6350E7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{952F9C29-929F-4550-93F6-655B48ABB880}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{ADC4A69C-CD9D-43C7-92A3-29244A3D091E}C:\program files\bel\realterm\realterm.exe" = protocol=17 | dir=in | app=c:\program files\bel\realterm\realterm.exe |
"UDP Query User{BEB1D4E1-20F1-4FF4-A12F-19FC7CD7EE77}C:\vp-eye\avi\avi.exe" = protocol=17 | dir=in | app=c:\vp-eye\avi\avi.exe |
"UDP Query User{D230E068-EF63-42CE-AF48-56F6CD3B7C62}C:\program files\davmail\davmail.exe" = protocol=17 | dir=in | app=c:\program files\davmail\davmail.exe |
"UDP Query User{EBFF3129-90DB-4216-93EE-CE5910BC3B4B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0018DC60-E4CB-4884-81EC-52CF2BAF54EF}_is1" = MapWindow GIS
"{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}" = ZTE LTE Device USB Driver
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{03B20126-F3C2-11D5-A6D2-00C026001DCA}" = WebEye
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{077A3898-EB5A-49DF-989B-6E41A7C31EC8}" = ID Flow 5.0 Trial
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09412B73-6159-40D6-B0B9-C11B30A7531E}" = Microsoft Visual Studio 2012 Preparation
"{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8}" = Antidote 8
"{0A960933-4D39-4495-A3F5-E5149943D761}" = EasyFace Logon
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F3C9093-6C13-484D-8385-93AA21BEC025}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
"{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1" = gpedt.msc 1.0
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad Ultranav-funktioner
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1BC1208B-4A69-4789-AD98-4510A527F4F3}" = B&W Port Scanner
"{1BE2AFE6-209E-3862-AE45-DA9D3D21BD65}" = Microsoft Visual Studio Express 2012 for Windows Desktop
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1C5E35C2-583E-436B-AFC8-FB3F9B917C33}" = FileOpen Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{222C5507-AC43-388F-808E-2266EC57E043}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}" = HP Deskjet 1050 J410 series Basic Device Software
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = Mobile Broadband
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A01368B-231F-3FF9-9CCB-03A99223E1CC}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{2A321FD8-4345-48AD-B438-DFD7887CD19B}" = XD-2 SoftApp
"{2B11DE71-52D5-4D2F-9B90-5793BE9FF99F}" = Professional GP300/GM300 Series CPS (R03.09.03_EN)
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2DEC3D95-BEB0-4BFA-A322-7C2B3AFAA01A}" = HP Photosmart 7510 series Basic Device Software
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{32136776-FE3F-453D-80DA-CDD993BDB2A3}" = Entity Framework Designer for Visual Studio 2012 - enu
"{3472693C-6EC5-41FA-B5B9-A22B11AEFE72}" = HHD Software Free Serial Port Monitor 3.31
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7065DN
"{3B2A7E23-AC7E-46BB-B725-65C555F8FFC5}" = Oracle VM VirtualBox 4.2.16
"{3E833A3C-19CB-48EE-BD52-AE7896435AFF}" = Commercial Series Customer Programming Software
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}" = Microsoft SQL Server 2012 Command Line Utilities
"{46561F4C-8C4B-3B79-81FA-074CD2E14584}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{482A01F8-A9C9-4DB6-84DE-265A2B763F20}_is1" = LogMeTT 2.9.9
"{49402ED1-A795-4435-A745-1B781BE621A6}" = Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC8EA7A-7426-42C3-8753-83300BDD225E}" = HTTPS Tunnel Agent Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F2B8233-35EE-4197-8C3B-EACCBF712029}" = Microsoft SQL Server Data Tools - enu (11.1.20828.01)
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{564C81A7-10D5-46F5-91C5-64B156499EA6}_is1" = PD version 0.38.4-extended-RC8 & YAMI 0.19
"{5B2E111B-0DEC-46C3-A6FA-BB4E4D2F76EB}_is1" = Agrolog2500 ver 1.2
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE250C7-08C8-44A6-8472-F0893122A7FA}" = Professional GP300/GM300 Series CPS (R03.11.03_EN)
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{652881BB-D5B3-4490-8AA2-AC4AEC27CD9F}" = Professional GP300/GM300 Series CPS (R03.11.15_EN)
"{656E8ADB-805B-4E88-AF68-D01BBB44594D}" = YAT
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6C11089A-E23F-4E9B-B12C-316BF1A4376B}" = Pdfedit
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B622C9-AA10-47D7-A10C-377CF9BC8502}" = SketchUp 2013
"{757CC236-67FF-421E-A2B5-3C0C8B76E625}" = Mavis Beacon Deluxe - 25th Anniv. Ed.
"{76423878-BF55-4C2F-AC25-2A82CE9AFB7A}" = Windows 7 Logon Background Changer
"{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}" = Microsoft SQL Server Compact 4.0 SP1 ENU
"{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{83C7F964-AC58-4104-B613-B4D0F61DA8CD}" = Microsoft SQL Server 2012 Native Client
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}" = EndNote X6
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B24D932-F22D-4CBF-93B2-740CE30D4DE2}" = Alpha Series Radios CPS
"{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = NemID CSP
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.1
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2007
"{90120000-0015-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2007
"{90120000-0016-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0406-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Danish) 2007
"{90120000-0017-0406-0000-0000000FF1CE}_OMUI.da-dk_{6127DAC2-962C-44CA-9ABD-0D5A65473A1C}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2007
"{90120000-0018-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2007
"{90120000-0019-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2007
"{90120000-001A-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2007
"{90120000-001B-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
"{90120000-001F-0406-0000-0000000FF1CE}_OMUI.da-dk_{8F771259-9037-4097-AA88-8613F3BE5627}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.da-dk_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0406-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2007
"{90120000-0044-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}_OMUI.da-dk_{11584158-91C7-4B1B-BFD1-F47D680F13CF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0406-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2007
"{90120000-00A1-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-00BA-0406-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2007
"{90120000-00BA-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{E5976D99-7E98-4495-98A3-53E177560905}" =
"{90120000-0100-0406-0000-0000000FF1CE}" = Microsoft Office O MUI (Danish) 2007
"{90120000-0100-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0406-0000-0000000FF1CE}" = Microsoft Office X MUI (Danish) 2007
"{90120000-0101-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{92154A3C-9BB7-49D7-A571-4EB6373FA5AD}" = Assistant de téléchargement
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{947852CE-C9E9-E7AF-E547-5AC29E923A98}" = ccc-utility
"{961C5B66-92B7-47C6-923B-AB492B5E55D4}" = Intel(R) Processor ID Utility
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A1785BD4-3486-4E7E-8074-E3FC61B8F315}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{A262095C-F03B-4611-AE87-7156859DC7F9}" = M-Audio Legacy Keyboard Driver 5.0.0 (x86)
"{A2E2BBFF-E26E-4889-B8BE-B7208B23E5C6}_is1" = ExpSuite - ITDSync 4.0.10.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{ADA94B31-C2F9-8EE1-79A3-E3A854B58ED2}" = Catalyst Control Center Graphics Previews Common
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B362A397-B38A-3A23-A190-611F9C7EB4F9}" = Microsoft Visual C++ 2012 Core Libraries
"{B5811946-60F6-434A-A9B8-A7673631E72B}" = GC-Prevue
"{B6A89577-E474-ACCB-FF8B-9B3874A8E227}" = Catalyst Control Center InstallProxy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BB1E3B57-40C4-4C11-A01B-4580FD1C48C2}" = 3D XML Player
"{BDA71601-8B09-4B2C-8C35-D2A905790AF5}" = Professional GP300/GM300 Series CPS (R03.07.04_EN)
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
"{CADEAC59-9D63-4E13-A22B-D6BFBFB30174}" = MapInfo Professional 11.0
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D50400AA-D25A-463B-98BF-E09585325711}" = DesignSpark PCB
"{D58D3C8E-2B39-455C-AE79-878AEA3D38FC}" = HP Unified IO
"{D8B95283-E9A3-4ACE-BD3F-AFB08CC336EF}" = Anonyproz Server Speed Checker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DA2981-3298-4F1A-9192-F2CF5BD91145}" = Microsoft SQL Server 2012 Express LocalDB
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DAC0B889-5359-4FDC-893A-2B8EF6B71B6F}" = SIM MAX
"{DD3CB916-F91A-41B9-B276-CAC090E91021}" = LibreOffice 4.1.2.3
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{e0efdce9-a486-4676-8aa5-65bb08cbf34c}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E813B921-055A-2467-1190-697A557ECA8E}" = Catalyst Control Center
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0255E9A-E5CA-44AF-B7D1-04A168A64DC5}" = Professional GP300/GM300 Series CPS (R03.08.03_EN)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3994C37-1C7E-11D6-BD0D-00B0D0E30C5F}" = Motorola Professional Radio CPS-R03.00.00
"{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE2AE129-A29B-4C52-AC5A-24EF4F579700}" = MPLAB Tools v8.84
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd ?LegacyDriver? (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"7E15D8A4-746B-4D44-8D59-93785F491A95_is1" = Unlock Document License version 1.1
"7-Zip" = 7-Zip 9.20
"92F0D145-AF7A-43BD-9C3D-1807A3F5221E" = SleepTracker3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Artisteer 3" = Artisteer 3
"ASF-AVI-RM-WMV Repair_is1" = ASF-AVI-RM-WMV Repair 2.01
"Astroburn Lite" = Astroburn Lite
"Astroburn Toolbar" = Astroburn Toolbar
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 2.0.3
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DavMail" = DavMail 3.9.8-1921
"Dekart SIM Reader 3" = Dekart SIM Reader 3.1
"Dell Photo Printer 720" = Dell Photo Printer 720
"Diafaan SMS Server" = Diafaan SMS Server
"Digital Signatur" = Digital Signatur
"DivX Setup" = DivX Setup
"DriverFinder" = DriverFinder
"DSO-2090 USB(Ver7.0.0.2)" = DSO-2090 USB(Ver7.0.0.2)
"dumeter3_is1" = DU Meter
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.8 (26/02/2013) Qt
"DVDx 4.0" = DVDx 4.0
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"Ear Test_is1" = Ear Test 1.00
"EaseUS Partition Recovery_is1" = EaseUS Partition Recovery 5.6.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"F9F51294-C0A2-4715-B7F7-A0BBF642C785_is1" = Home Audiometer Hearing Test
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FileTip" = FileTip
"FileZilla Client" = FileZilla Client 3.7.3
"Foxit Reader_is1" = Foxit Reader
"GIMP-2_is1" = GIMP 2.8.6
"GoldenDict" = GoldenDict
"Google Chrome" = Google Chrome
"GPG4Win" = Gpg4win (2.1.1)
"HaaliMkx" = Haali Media Splitter
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{D50400AA-D25A-463B-98BF-E09585325711}" = DesignSpark PCB Version 4.0
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{FE2AE129-A29B-4C52-AC5A-24EF4F579700}" = MPLAB Tools v8.84
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 1.6
"jEdit_is1" = jEdit 4.5.1
"Juniper Network Connect 7.3.0" = Juniper Networks Network Connect 7.3.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Lær førstehjælp" = Lær førstehjælp
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LatencyMon_is1" = LatencyMon 4.02
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LinuxLive USB Creator" = LinuxLive USB Creator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"melabs Programmer Beta_is1" = melabs Programmer Beta version 4.41.0
"MicroCode Studio (MCSX)_is1" = MicroCode Studio (MCSX)
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"Mozilla Thunderbird 24.2.0 (x86 en-US)" = Mozilla Thunderbird 24.2.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Multidictionnaire" = Multidictionnaire
"NemID CSP" = NemID CSP
"nLite_is1" = nLite 1.4.9.1
"Nokia PC Suite" = Nokia PC Suite
"OMUI.da-dk" = Microsoft Office Language Pack 2007 - Danish/dansk
"OnScreenDisplay" = On Screen Display
"OpenVPN" = OpenVPN 2.2.2
"PBP3_is1" = PICBASIC PRO(tm) Compiler 3.0.1.0
"pdfFactory" = pdfFactory
"pdfsam" = pdfsam
"PICC 9.81" = HI-TECH C Compiler for the PIC10/12/16 MCUs V9.81PL0
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PRJPRO" = Microsoft Office Project Professional 2007
"Professional GP300/GM300_CPS (R03.01.00_EN)" = Professional GP300/GM300 Series CPS (R03.01.00_EN)
"ProRadio CPS R06.01.00" = Motorola Professional Radio CPS-R06.01.00
"ProRadio CPS R06.04.00" = Motorola Professional Radio CPS-R06.04.00
"ProRadio CPS R06.05.00" = Motorola Professional Radio CPS-R06.05.00
"ProRadio CPS R06.10.02" = Motorola Professional Radio CPS-R06.10.02
"QuickGamma_is1" = QuickGamma 4.0.0.1
"Realterm" = Realterm 2.0.0.57
"RealVNC_is1" = VNC Free Edition 4.1.3
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"Samsung Network PC Fax" = Samsung Network PC Fax
"Samsung PC Studio 7" = Samsung PC Studio 7
"Samsung SCX-4623 Series" = Maintenance Samsung SCX-4623 Series
"SanityCheck_is1" = SanityCheck 2.02
"SimEditor (UB01)" = SimEditor (UB01) v.2.6.3 (remove only)
"SKYFILE" = SkyFile Mail
"SLABCOMM&10C4&EA60" = Leadtek GPS USB to UART Bridge (Driver Removal)
"Sleeptracker_is1" = Sleeptracker 3.13
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeamViewer 8" = TeamViewer 8
"Tera Term_is1" = Tera Term 4.71
"Termite" = Termite
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Tiff Combine_is1" = Tiff Combine
"Traffic Shaper XP Client" = Traffic Shaper XP Client
"Traffic Shaper XP Server" = Traffic Shaper XP Server
"Tunnelier" = Bitvise Tunnelier 4.40 (remove only)
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VISPRO" = Microsoft Office Visio Professional 2007
"visualCVS Client Version 4.02c_is1" = visualCVS Client
"visualCVS Server Version 4.02c_is1" = visualCVS Server
"VLC media player" = VLC media player 1.1.7
"VobSub" = VobSub v2.23 (Remove Only)
"VSDC Free Video Editor_is1" = VSDC Free Video Editor version 1.2.5.4
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"YU2010_is1" = Your Uninstaller! 7
"Zain Broadband" = Zain Broadband

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1118010790-1470065544-1912479761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"OnecomCloudDrive" = One.com Cloud Drive 0.3.38.36584

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26/12/2013 20:43:19 | Computer Name = T42-Win7 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/12/26 19:43:19.567]: [00002076]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.100]

Error - 26/12/2013 20:44:28 | Computer Name = T42-Win7 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/12/26 19:44:28.737]: [00002076]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.100]

Error - 26/12/2013 20:45:37 | Computer Name = T42-Win7 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/12/26 19:45:37.916]: [00002076]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.100]

Error - 27/12/2013 05:25:13 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
8\Programmes64\Antidote.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/12/2013 05:25:28 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
8\Programmes64\GesAnt.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/12/2013 05:25:43 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
8\Programmes64\Integrateur.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/12/2013 05:25:53 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
8\Programmes64\MoteurIntegration.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/12/2013 05:26:05 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
8\Programmes64\ReparationAntidote.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/12/2013 05:26:31 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Druide\Antidote
8\Programmes64\AgentAntidote.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/12/2013 05:28:21 | Computer Name = T42-Win7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
PC Studio 7\TIS_VistaPIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 22/05/2011 12:26:55 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
Description = 18:26:37 - Error connecting to the internet. 18:26:37 - Unable
to contact server..

Error - 22/05/2011 13:27:37 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
Description = 19:27:37 - Error connecting to the internet. 19:27:37 - Unable
to contact server..

Error - 22/05/2011 13:28:14 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
Description = 19:28:06 - Error connecting to the internet. 19:28:06 - Unable
to contact server..

Error - 22/05/2011 14:28:47 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
Description = 20:28:47 - Error connecting to the internet. 20:28:47 - Unable
to contact server..

Error - 22/05/2011 14:29:23 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
Description = 20:29:16 - Error connecting to the internet. 20:29:16 - Unable
to contact server..

Error - 22/05/2011 15:29:56 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
Description = 21:29:56 - Error connecting to the internet. 21:29:56 - Unable
to contact server..

Error - 22/05/2011 15:30:28 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
Description = 21:30:25 - Error connecting to the internet. 21:30:25 - Unable
to contact server..

Error - 14/06/2011 03:55:02 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
Description = 09:55:02 - Error connecting to the internet. 09:55:02 - Unable
to contact server..

Error - 14/06/2011 03:55:40 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
Description = 09:55:31 - Error connecting to the internet. 09:55:31 - Unable
to contact server..

Error - 18/06/2011 14:16:15 | Computer Name = T42-Win7 | Source = MCUpdate | ID = 0
Description = 20:16:15 - Error connecting to the internet. 20:16:15 - Unable
to contact server..

[ OSession Events ]
Error - 10/06/2011 12:49:56 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6595
seconds with 180 seconds of active time. This session ended with a crash.

Error - 22/06/2012 22:42:02 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15027
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 15/07/2012 18:18:36 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34974
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 09/03/2013 09:12:59 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24/05/2013 03:08:43 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 53204
seconds with 600 seconds of active time. This session ended with a crash.

Error - 02/09/2013 16:36:54 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1003
seconds with 60 seconds of active time. This session ended with a crash.

Error - 21/10/2013 14:58:29 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/11/2013 22:52:13 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 274075 seconds with 420 seconds of active time. This session ended with
a crash.

Error - 09/12/2013 13:01:14 | Computer Name = T42-Win7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 61
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26/12/2013 22:25:43 | Computer Name = T42-Win7 | Source = ati2mtag | ID = 52225
Description =

Error - 26/12/2013 22:26:02 | Computer Name = T42-Win7 | Source = Service Control Manager | ID = 7000
Description = The DisplayFusionService service failed to start due to the following
error: %%2

Error - 26/12/2013 22:27:37 | Computer Name = T42-Win7 | Source = DCOM | ID = 10016
Description =

Error - 26/12/2013 22:29:06 | Computer Name = T42-Win7 | Source = ati2mtag | ID = 52225
Description =

Error - 26/12/2013 22:29:24 | Computer Name = T42-Win7 | Source = Service Control Manager | ID = 7000
Description = The DisplayFusionService service failed to start due to the following
error: %%2

Error - 26/12/2013 22:30:54 | Computer Name = T42-Win7 | Source = DCOM | ID = 10016
Description =

Error - 26/12/2013 22:39:57 | Computer Name = T42-Win7 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:36:10 on ?26-?12-?2013 was unexpected.

Error - 26/12/2013 22:39:53 | Computer Name = T42-Win7 | Source = ati2mtag | ID = 52225
Description =

Error - 26/12/2013 22:40:16 | Computer Name = T42-Win7 | Source = Service Control Manager | ID = 7000
Description = The DisplayFusionService service failed to start due to the following
error: %%2

Error - 26/12/2013 22:41:49 | Computer Name = T42-Win7 | Source = DCOM | ID = 10016
Description =


< End of report >
Paynor
Newbie
29. December 2013 @ 18:43
Originally posted by ps355528:
I can see the problem from the first successful log.. and I'm pretty sure where it came from (I have a copy of the malware installer or a close relative saved on my hdd) thing installs TeamViewer and a nice backdoor.. it was designed to trick the moronic into paying for "help".. but it's since been exploited by the automation people (runs and hides.. not me this time Guv.. honest)
...
ps355528: This machine has a legit installation of TeamViewer.
AfterDawn Addict
29. December 2013 @ 18:57
That's part of the problem, Paynor. TeamViewer is a free tool that makes it incredibly easy to set up and use a VPN connection; a Virtual Private Network that lets you take complete control of another PC from your own computer, whether they're separated by a soda can or a continent.

This Bot sets up a server and then has complete control of your computer.

Looked over the OTL log and we will head out when we can get more logs. I will send more instructions in a while..
Paynor
Newbie
29. December 2013 @ 19:02
Originally posted by 2oldGeek:
Originally posted by Paynor:

...

When done, please attempt to post the OTL logs you have and the MBAR folder..... mbar-log.txt and system-log.txt

2oG
Hello 2oldGeek,
OTL logfiles posted a few minutes ago.
Here are the mbar logfiles. It ran without finding anything:

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.29.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16750
T42-Win7 :: T42-WIN7 [administrator]

29/12/2013 18:30:59
mbar-log-2013-12-29 (18-30-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 282729
Time elapsed: 19 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16750

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.698000 GHz
Memory total: 2146426880, free: 1174986752

Downloaded database version: v2013.12.29.06
=======================================
Initializing...
------------ Kernel report ------------
12/29/2013 18:30:49
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\DRIVERS\ApsHM86.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\DRIVERS\Apsx86.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86e63040
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff86994040
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86e63040, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86e64030, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86e63758, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffffff86e63040, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff869f3918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86994040, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EEC60

Partition information:

Partition 0 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 450513
Partition is not bootable
Hidden partition VBR is not infected.

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 453600 Numsec = 123835424
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 124291440 Numsec = 165889264

Partition 3 type is Extended with CSH (0x5)
Partition is NOT ACTIVE.
Partition starts at LBA: 290183101 Numsec = 22398707

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_453600_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
AfterDawn Addict
29. December 2013 @ 19:13
OK Paynor, let's clean out some trash to clear the way.. This may take some time so please bear with me and pay no (or not much) attention to the peanut gallery. LOL


-Security Check-

Download Security Check by screen317.
Save it to your Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.




--AdwCleaner--

Please download AdwCleaner by Xplode to your Desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on the Delete tab and follow the prompts.
• A log file will automatically open after the scan has finished.
• Please post the content of that log file with your next answer.
• You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).




--Junkware Removal Tool--

Please download Junkware Removal Tool to your Desktop.
• Please close your security software to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.




--RogueKiller--

• Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator" to start
• For Windows XP, double-click to start.
• Wait until pre-scan has finished ...
• Then click on the "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click on "Delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller


Please paste the logs in your next reply.
Let me know what problem persists.

2oG
Paynor
Newbie
29. December 2013 @ 19:14
Originally posted by 2oldGeek:
That's part of the problem, Paynor. TeamViewer is a free tool that makes it incredibly easy to set and use a VPN connection; a Virtual Private Network that lets you take complete control of another PC from your own computer, whether they're separated by a soda can or a continent.

This Bot sets up a server and then has complete control of your computer.

Looked over the OTL log and we will head out when we can get more logs. I will send more instructions in a while..
Yes, I realise that TeamViewer may make things easier for malicious tools, but it was a tradeoff cost/benefit, or rather benefit/penalty :-(
VNC and other remote desktop tools probably have their own vulnerabilities too, even though they are not under direct corporate control to the extent that TeamViewer is because of its central "nameserver" model.

Oh, and while we are talking VPN, the machine also has OpenVPN installed, but only client side, not server.
Paynor
Newbie
29. December 2013 @ 19:32
2oG - Here are the log files from SecurityCheck and ADWcleaner. Running the other 2 tools now...

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 45
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Mozilla Firefox (26.0)
Mozilla Thunderbird (24.2.0)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````



# AdwCleaner v3.016 - Report created 29/12/2013 at 19:25:04
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : T42-Win7 - T42-WIN7
# Running from : C:\Users\T42-Win7\Desktop\tools\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\uTorrentBar
Folder Deleted : C:\Users\T42-Win7\AppData\Local\Conduit
Folder Deleted : C:\Users\T42-Win7\AppData\Local\PackageAware
Folder Deleted : C:\Users\T42-Win7\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\T42-Win7\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\T42-Win7\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\T42-Win7\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
[!] Folder Deleted : C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
File Deleted : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\.autoreg
File Deleted : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\invalidprefs.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEB45705-DCFC-4177-A361-0A354C6E5F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B898549-3D42-4654-8395-D7702E4BC8F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\T42-Win7\AppData\Roaming\Mozilla\Firefox\Profiles\q7kao55z.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14149");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 7);
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "63C3DB4244ACA58CECD4896649BBD9DC");
Line Deleted : user_pref("extensions.BabylonToolbar.id", "552c792100000000000000fff05b7387");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15962");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "na");
Line Deleted : user_pref("extensions.BabylonToolbar.lastActv", "7");
Line Deleted : user_pref("extensions.BabylonToolbar.lastB", "hxxp://search.babylon.com/home");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 7);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.24.616:29:05");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"74\",\"lastVrsn\":\"74\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.sg", "czb");
Line Deleted : user_pref("extensions.BabylonToolbar.sid", "eb976fb385f640a8aaf304b16d9dc761");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=552c792100000000000000fff05b7387&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.617:20:30");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "");
Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,avg@igeared:6.103.018.00[...]
Line Deleted : user_pref("extensions.proxytool.referers", "www.google.com,google.com,smallseotools.com,yahoo.com,bing.com,ask.com,currate.com,facebook.com,twitter.com,craigslist.org");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\T42-Win7\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10291 octets] - [29/12/2013 19:22:39]
AdwCleaner[S0].txt - [10366 octets] - [29/12/2013 19:25:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10427 octets] ##########
Paynor
Newbie
29. December 2013 @ 19:56
RogueKiller found a couple of interesting registry keys, with the values:
"DisableTaskManager"
"DisableRegistryTools"
and some leftover AVG remnants and browser plugins (most of which I recognize). All deleted now with the RogueKiller Delete function.
The JRT and RogueKiller logs:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by T42-Win7 on 29/12/2013 at 19:37:06.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\runtask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\runtask_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [File] C:\Users\T42-Win7\AppData\Roaming\mozilla\firefox\profiles\q7kao55z.default\searchplugins\absearch-search.xml
Successfully deleted the following from C:\Users\T42-Win7\AppData\Roaming\mozilla\firefox\profiles\q7kao55z.default\prefs.js

user_pref("browser.startup.homepage", "hxxps://ixquick.com/|hxxps://ixquick.com/eng/?&cat=web&query=&r=681211");
Emptied folder: C:\Users\T42-Win7\AppData\Roaming\mozilla\firefox\profiles\q7kao55z.default\minidumps [294 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/12/2013 at 19:43:43.62
Computer was rebooted
End of JRT log


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : T42-Win7 [Admin rights]
Mode : Remove -- Date : 12/29/2013 19:52:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\T42-Win7\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 3b65b9b60f3d9a991f302eeef2ae2aa0-3d18f4ad89fcddc54426870831530db41067c46f --CMPID 0913b [x][x][x]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM160HC ATA Device +++++
--- User ---
[MBR] fea3587ec07de1e327bca659278745cc
[BSP] dec26c570de3a1f3e1f2db83800e8158 : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 63 | Size: 219 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 453600 | Size: 60466 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 124291440 | Size: 81000 Mo
3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 290183101 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12292013_195219.txt >>
RKreport[0]_S_12292013_194938.txt
AfterDawn Addict
29. December 2013 @ 20:05
I am going to watch Sunday night Football now. lol will go over all the logs a little later.

I would like for you to run the following. It's a different method for Combofix that might work.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Go to -> Here for your reference.

1. Download Combo fix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.


"%userprofile%\desktop\combofix.exe" /killall







3. Combo will begin to run. DO NOTHING while this is happening.

• Do not attempt to use the internet or anything else while it's running.
• Do not mouseclick combofix's window while it's running. That may cause it to stall.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely you can re-establish your internet connection by restarting your computer. It does set a restore point before running.
• This needs to be done so the program can work most efficiently for you.


**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

If when it's completed you can not get on the internet just reboot the computer

Post the log from comboFix for me located in
c:\comboFix.txt



2oG
Paynor
Newbie
29. December 2013 @ 20:18
2oG -

Just tried that, running combofix from the command line, with the /killall switch.
ComboFix still stalls at the same point, after a burst of HD activity and showing
"... However, scan times for badly infected machines may easily double"
Paynor
Newbie
29. December 2013 @ 20:36
JRT failed to delete a Firefox plugin with the name "avg_igeared.xml". So I opened it in notepad to take a look, to my newbie eyes it looks like a very long cookie, normal for AVG plugin?

<?xml version="1.0"?>
<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
  <ShortName>AVG Secure Search</ShortName>
  <Description>AVG Secure Search</Description>
  <InputEncoding>UTF-8</InputEncoding>
  <Image height="16" width="16">data:image/png;base64,[...]</Image>
  <Url template="http://search.avg.com/route/?d=4bbcd9ad&amp;v=7.005.030.004&amp;i=23&amp;tp=chrome&amp;q={searchTerms}&amp;lng=en-GB&amp;iy=&amp;ychte=ca" method="GET" type="text/html"/>
  <Url template="http://suggestqueries.google.com/complete/search?output=firefox&amp;client=firefox&amp;hl={moz:locale}&amp;q={searchTerms}" method="GET" type="application/x-suggestions+json"/>
  <SearchForm>http://search.avg.com/route/?d=4bbcd9ad&amp;v=7.005.030.004&amp;i=23&amp;tp=chrome&amp;lng=en-GB&amp;iy=&amp;ychte=ca</SearchForm>
</SearchPlugin>
AfterDawn Addict
30. December 2013 @ 00:23
Paynor,
After looking over the logs and not being able to find the bot that is responsible for this, I must advise you to PM Gringo at Malwarebytes and allow him to attempt a cleaning of your computer. He is very good and has more knowledge of the newer tools that will be required to remove this nasty sucker. I could remove a lot of this stuff that is showing in the logs but it would not remove the hidden part which is the real problem and might cause problems for Gringo.


Your Trusted Zone is being used by the bot to setup your computer as a server?
They have loaded your Trusted Zone with Digital Certificates from Denmark. I don't think that you are there.
Quote:
Welcome to DigitaltCertifikat.dk (Denmark)
We offer SSL certificates at a very reasonable price. We deliver in short time - fast and easily.

Our SSL certificates are compatible with almost any browser or servertype and are very easy to install and use.

Trusted certificates are typically used to make secure connections to a server over the Internet. A certificate is required in order to avoid the case that a malicious party which happens to be on the path to the target server pretends to be the target. Such a scenario is commonly referred to as a man-in-the-middle attack. They are probably being used for a different purpose in this instance. I really don't know.


192.168.2.1 is your LAN address that's being used as the server.
From the OTL Log:
O15 - HKLM\..Trusted Domains: certifikat.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: certifikat.dk ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: nets-danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: nets-danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: certifikat.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: certifikat.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: nets-danid.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: nets-danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: virk.dk ([]https in Trusted sites)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0444CCCA-83EA-439C-A9C9-F2F5D0A3DFAB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07D255C3-A699-413A-88A5-9EEF785E4DB3}: DhcpNameServer = 192.168.2.1



Please let me know how this turns out.
2oG
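A triage sketch for the O15 and O17 entries quoted above, added here as an example and not part of the original post or of OTL. It groups Trusted sites entries by hive, flags those trusted over plain http (where no certificate authenticates the server), and lists each DhcpNameServer value, which is the DNS server address received with the DHCP lease, with whether it is a private address. The function names and the embedded sample, a subset of the quoted lines, are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a subset of the O15/O17 lines quoted in the post above.
SAMPLE = r"""
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1118010790-1470065544-1912479761-1000\..Trusted Domains: virk.dk ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0444CCCA-83EA-439C-A9C9-F2F5D0A3DFAB}: DhcpNameServer = 192.168.2.1
"""

O15 = re.compile(r"^O15 - (HKLM|HKU\\[^\\]+)\\\.\.Trusted Domains: (\S+) "
                 r"\(\[\](\w+) in Trusted sites\)$")
O17 = re.compile(r"^O17 - (.+?): DhcpNameServer = (.+)$")

def trusted_sites(log):
    """Map (hive, domain) -> sorted schemes placed in the Trusted sites zone."""
    zones = defaultdict(set)
    for line in log.splitlines():
        m = O15.match(line.strip())
        if m:
            hive, domain, scheme = m.groups()
            zones[(hive, domain)].add(scheme)
    return {key: sorted(schemes) for key, schemes in zones.items()}

def plain_http_trusted(log):
    """Entries trusted over http, where no certificate authenticates the server."""
    return sorted(k for k, s in trusted_sites(log).items() if "http" in s)

def dns_servers(log):
    """Map each DHCP-supplied DNS server to (is_private, registry keys naming it)."""
    found = defaultdict(list)
    for line in log.splitlines():
        m = O17.match(line.strip())
        if m:
            for addr in m.group(2).replace(",", " ").split():
                found[addr].append(m.group(1))
    result = {}
    for addr, keys in found.items():
        try:
            private = ipaddress.ip_address(addr).is_private
        except ValueError:  # not an IP literal; leave it unclassified
            private = None
        result[addr] = (private, keys)
    return result

if __name__ == "__main__":
    print(plain_http_trusted(SAMPLE), dns_servers(SAMPLE))
```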
Paynor
Newbie
30. December 2013 @ 07:44
2oG

Thanks for your suggestions so far. Yes, in most parts of the world, having trusted domains in Denmark would be unusual on a computer. But in fact, the computer does have a few legit digital certificates and trusted sites from Denmark.
Re. the DHCP server on 192.168.2.1, I had another PC on the network on which I was using a DNS proxy (and dhcp server), and this was the assigned address of the proxy. I probably set it manually on this computer. But I am unsure if the registry key you quoted indicates that there is a dhcp server installed on the computer in question, or whether it just manually points the computer, on that network interface, to an external lan address on which a dhcp server is running?

Will now follow your advice with the PM to reopen the MWB forum topic. All the best.

This message has been edited since posting. Last time this message was edited on 30. December 2013 @ 11:48

AfterDawn Addict
30. December 2013 @ 10:55
Not being there and having no prior knowledge of how and what this computer is used for I could probably screw up its functionality in a heartbeat...



I do hope everything works out and wish you luck.

2oG
AfterDawn Addict
31. December 2013 @ 17:23
Originally posted by Paynor:
Will now follow your advice with the PM to reopen the MWB forum topic. All the best.

Glad to see that Gringo reopened the thread. I'll be watching in the background to get some tips..

I'm pulling for you


2oG
AfterDawn Addict
31. December 2013 @ 17:56
@ddp you around tonight?
 