Jump to content

Recommended Posts

Hello,

 

I'm having the same problem from this post:

https://forums.malwarebytes.org/index.php?/topic/163083-phantom-ie-activity/

 

I've blocked the "ip.pixadsserve.com" in hosts file and others but they seem useless, either way blocked or not, iexplorer keeps opening. I have currently renamed iexplore.exe to iexplore.off to avoid it opening. Here are the logs requested:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Marcos (administrator) on Marcos-PC on 08-01-2015 08:58:54
Running from C:\Users\Marcos\Desktop\frst\websitehelp
Loaded Profile: Marcos (Available profiles: Marcos & fbwuser)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Helexis Software Development) C:\Program Files (x86)\Drive Health\dhcore.exe
() C:\Windows\Runservice.exe
() I:\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
() C:\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
() C:\Windows\System32\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\steam\steamerrorreporter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-17] (Realtek Semiconductor)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [delvars] => C:\Program Files (x86)\Visual Batch\delallvars.exe [366592 2010-11-12] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3484624 2014-10-24] (Micro-Star International)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd)
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Run: [iSUSPM] =>  -scheduler
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Run: [Google Update] => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-22] (Google Inc.)
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Run: [Facebook Update] => "C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Run: [icq] => C:\Users\Marcos\AppData\Roaming\ICQM\icq.exe [29919576 2013-11-13] (ICQ)
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\MountPoints2: {02806383-6288-11e4-8341-6c626d3b7a2c} - D:\AutoRun.exe "motorola.html"
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\MountPoints2: {167bde5e-30fe-11e4-b1c2-6c626d3b7a2c} - D:\AutoRun.exe "motorola.html"
Startup: C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
BootExecute: PDBoot.exeautocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-26202434-3474579419-60944970-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-26202434-3474579419-60944970-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-26202434-3474579419-60944970-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E943C8DE-78A2-45D0-B3BF-54DE4CCB9539}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\v70uy02j.default-1344425866762
FF Homepage: www.google.com
FF NetworkProxy: "http", "177.234.12.202"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-26202434-3474579419-60944970-1000: @acestream.net/acestreamplugin,version=2.1.10.1 -> C:\Users\Marcos\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-26202434-3474579419-60944970-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marcos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-26202434-3474579419-60944970-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-26202434-3474579419-60944970-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-26202434-3474579419-60944970-1000: gastecnologia.com.br/sf/bb -> C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Verificador Ortográfico para Português do Brasil. - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\tk9zi9tq.default\Extensions\pt-BR@dellalibera.sf.net [2012-06-13]
FF Extension: No Name - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\tk9zi9tq.default\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}-trash [2012-02-09]
FF Extension: Verificador Ortográfico para Português do Brasil. - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\v70uy02j.default-1344425866762\Extensions\pt-BR@dellalibera.sf.net [2014-12-22]
FF Extension: Baixou Agora - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\v70uy02j.default-1344425866762\Extensions\BaixouAgora@Baixou.xpi [2013-11-28]
FF Extension: MEGA - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\v70uy02j.default-1344425866762\Extensions\firefox@mega.co.nz.xpi [2014-09-12]
FF Extension: Adblock Plus - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\v70uy02j.default-1344425866762\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-11]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-12-04]
FF HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-08-20]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-22]
CHR Extension: (Google Search) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-22]
CHR Extension: (Youtube Video Downloader) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkeilckghfobibhlngmndkbkmfidldf [2013-11-06]
CHR Extension: (AdBlock) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-15]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2014-06-10]
CHR Extension: (Baixou Agora) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfjpmeddmamejnmmppjlfglfhcjbbai [2013-11-28]
CHR Extension: (Google Wallet) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-22]
CHR HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2013-07-20]
CHR StartMenuInternet: Google Chrome - C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-02-10] (Adobe Systems) [File not signed]
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2013-11-28] (Autodesk) [File not signed]
R2 DriveHealth; C:\Program Files (x86)\Drive Health\dhcore.exe [509440 2010-07-31] (Helexis Software Development) [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-07-21] (GAS Tecnologia)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Just Flight Limited License Service; C:\Program Files (x86)\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [69632 2012-03-05] (Just Flight Limited) [File not signed]
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2012-04-06] () [File not signed]
S2 mi-raysat_3dsMax2009_32; I:\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [65536 2008-03-10] () [File not signed]
R2 mi-raysat_3dsmax2013_64; I:\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-14] () [File not signed]
R2 mi-raysat_3dsmax8; C:\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe [65536 2005-09-21] () [File not signed]
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1730000 2014-10-24] (Micro-Star International)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S3 Origin Client Service; C:\Origin\OriginClientService.exe [1903472 2014-12-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-29] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-28] ()
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [X]
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]
S2 YTDUpdt; C:\PROGRA~2\YTDOWN~1\YTDUPD~1.EXE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [15808 2012-09-24] (Windows ® Win 7 DDK provider)
S3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [15808 2012-09-24] (Windows ® Win 7 DDK provider)
S3 AirDisplayWDDM; C:\Windows\System32\DRIVERS\AVWDDMMiniPort.sys [48632 2013-12-04] (Windows ® Win 7 DDK provider)
R0 AVPCIFilter; C:\Windows\System32\DRIVERS\AVPCIFilter.sys [36344 2013-12-04] (Windows ® Win 7 DDK provider)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-07-18] (DT Soft Ltd)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2013-04-24] (Windows ® Win 7 DDK provider)
S3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37496 2013-07-12] (Windows ® Win 7 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-17] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-05-21] ()
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15104 2012-10-15] (Headsoft)
U3 a3xsrutb; C:\Windows\System32\Drivers\a3xsrutb.sys [0 ] (Advanced Micro Devices)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 08:52 - 2015-01-06 08:52 - 05609498 _____ (Swearware) C:\Users\Marcos\Desktop\ComboFix.exe
2015-01-04 19:43 - 2015-01-08 08:59 - 00000000 ____D () C:\FRST
2015-01-04 19:43 - 2015-01-08 08:58 - 00000000 ____D () C:\Users\Marcos\Desktop\frst
2015-01-04 18:50 - 2015-01-04 18:50 - 00000034 _____ () C:\Users\Marcos\Desktop\malkin.txt
2015-01-03 23:52 - 2015-01-03 23:52 - 00003419 _____ () C:\Users\Marcos\Desktop\JRT.txt
2015-01-03 23:50 - 2015-01-03 23:50 - 01707939 _____ (Thisisu) C:\Users\Marcos\Desktop\JRT.exe
2015-01-03 23:50 - 2015-01-03 23:50 - 00000000 ____D () C:\Windows\ERUNT
2015-01-03 23:28 - 2015-01-03 23:38 - 00000000 ____D () C:\AdwCleaner
2015-01-03 23:22 - 2015-01-03 23:22 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-03 22:23 - 2015-01-03 23:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-03 22:23 - 2015-01-03 23:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-03 18:31 - 2015-01-04 18:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 18:31 - 2015-01-03 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-03 18:31 - 2015-01-03 18:31 - 00000000 ____D () C:\Malwarebytes Anti-Malware
2015-01-03 18:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-03 18:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-02 19:34 - 2015-01-08 07:38 - 00001340 _____ () C:\Windows\Tasks\EKS.job
2015-01-02 19:34 - 2015-01-02 19:34 - 00004374 _____ () C:\Windows\System32\Tasks\EKS
2015-01-02 19:32 - 2015-01-08 07:38 - 00001342 _____ () C:\Windows\Tasks\TPNY.job
2015-01-02 19:32 - 2015-01-02 19:32 - 00004376 _____ () C:\Windows\System32\Tasks\TPNY
2015-01-02 19:31 - 2015-01-02 19:31 - 00003912 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2015-01-02 19:31 - 2015-01-02 19:31 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\dvmlqicl
2014-12-28 14:59 - 2014-12-28 14:59 - 00000000 ____D () C:\Temp
2014-12-26 10:42 - 2014-12-26 14:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-25 17:46 - 2014-12-25 17:46 - 03360274 _____ () C:\Users\Marcos\Desktop\anexos.zip
2014-12-22 15:34 - 2014-12-23 16:39 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\FMRTE15
2014-12-20 10:33 - 2014-12-27 18:52 - 00061757 _____ () C:\Users\Marcos\Documents\vendas_dezembro_14.txt
2014-12-20 09:45 - 2014-12-20 09:45 - 00004003 _____ () C:\Users\Marcos\Documents\reclamacao_kanui_procon.txt
2014-12-20 08:46 - 2014-12-20 08:46 - 00000284 _____ () C:\Users\Marcos\Documents\procon_kanui.txt
2014-12-20 08:38 - 2014-12-20 08:44 - 00274138 _____ () C:\Users\Marcos\Desktop\Reclamacaokanui.zip
2014-12-18 18:53 - 2014-12-18 18:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-18 18:53 - 2014-12-18 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-18 10:07 - 2014-12-18 10:07 - 00001583 _____ () C:\Users\Marcos\Documents\imposto_procuradoria_parcela7.txt
2014-12-16 19:31 - 2014-12-16 19:31 - 00196807 _____ () C:\Users\Marcos\Desktop\TACTICTEST_RESULTSaway.pspimage
2014-12-16 13:19 - 2014-12-16 13:23 - 00190752 _____ () C:\Users\Marcos\Desktop\TACTICTEST_RESULTS.pspimage
2014-12-12 20:56 - 2014-12-12 20:56 - 00000165 ____H () C:\Users\Marcos\Documents\~$fm15.xlsx
2014-12-12 17:59 - 2014-12-12 17:59 - 00000263 _____ () C:\Users\Marcos\Documents\pagamengo_colcha_ben10.txt
2014-12-11 19:43 - 2014-12-11 19:43 - 00000000 ____D () C:\Users\Marcos\Desktop\pendrive
2014-12-10 16:57 - 2014-12-18 10:03 - 00000428 _____ () C:\Users\Marcos\Documents\contas_dezembro_2014.txt
2014-12-10 16:40 - 2014-12-10 16:40 - 00000760 _____ () C:\Users\Marcos\Documents\processo_pagamento_dez2014.txt
2014-12-09 16:07 - 2014-12-09 16:07 - 00000707 _____ () C:\Users\Marcos\Documents\master_patty_dez_14.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 08:58 - 2013-01-15 08:47 - 00000000 ____D () C:\Users\Marcos\AppData\Local\CrashDumps
2015-01-08 08:57 - 2013-12-01 19:13 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 08:55 - 2012-07-22 21:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA.job
2015-01-08 08:44 - 2013-02-28 00:39 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA.job
2015-01-08 07:57 - 2013-07-20 14:44 - 00000000 ____D () C:\ProgramData\GbPlugin
2015-01-08 07:54 - 2013-12-01 19:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 07:52 - 2012-02-09 00:25 - 01972362 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 07:39 - 2013-02-28 00:39 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core.job
2015-01-07 21:19 - 2012-06-04 13:45 - 00000000 ____D () C:\ProgramData\Origin
2015-01-07 21:15 - 2012-07-02 18:49 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\TS3Client
2015-01-07 21:10 - 2012-02-09 02:29 - 00000000 ____D () C:\steam
2015-01-07 20:18 - 2012-08-09 13:40 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-07 20:13 - 2012-06-04 13:42 - 00000000 ____D () C:\Origin
2015-01-07 19:36 - 2012-11-14 14:26 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Skype
2015-01-07 19:36 - 2012-02-14 17:18 - 00000521 _____ () C:\Windows\ScreenShooter.INI
2015-01-07 16:53 - 2012-02-09 13:21 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-07 16:13 - 2013-03-11 12:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-07 15:55 - 2012-07-22 21:36 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core.job
2015-01-07 08:31 - 2012-02-29 13:52 - 00000000 ____D () C:\Users\Marcos\AppData\Local\CutePDF Writer
2015-01-06 19:41 - 2014-12-01 15:50 - 00094583 _____ () C:\Users\Marcos\Documents\fm15.xlsx
2015-01-06 12:30 - 2012-06-25 00:50 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\vlc
2015-01-04 23:41 - 2014-03-24 10:53 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-04 23:41 - 2014-03-24 10:53 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-04 23:41 - 2014-03-24 10:53 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-04 23:41 - 2014-03-24 10:53 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-04 23:41 - 2013-11-07 00:19 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-04 23:41 - 2012-12-14 19:20 - 00000000 ____D () C:\Program Files\Java
2015-01-04 19:57 - 2009-07-14 03:13 - 00783808 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 19:55 - 2009-07-14 02:45 - 00017040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 19:55 - 2009-07-14 02:45 - 00017040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 19:50 - 2014-06-09 23:28 - 00010337 _____ () C:\Windows\setupact.log
2015-01-04 19:50 - 2012-04-06 22:44 - 00000801 ___SH () C:\Windows\SysWOW64\mmf.sys
2015-01-04 19:50 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 19:49 - 2014-06-15 15:23 - 00051110 _____ () C:\Windows\PFRO.log
2015-01-03 23:30 - 2012-12-15 23:07 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2015-01-03 19:01 - 2012-02-10 17:41 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-01-03 18:31 - 2012-07-28 18:44 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Malwarebytes
2015-01-03 18:31 - 2012-07-28 18:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-03 18:06 - 2013-07-20 14:44 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2015-01-02 20:10 - 2013-11-19 17:04 - 00000000 ____D () C:\Program Files (x86)\3DRipperDX
2015-01-02 20:09 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-02 19:33 - 2012-02-09 01:14 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-02 19:33 - 2012-02-09 00:31 - 00001439 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-02 19:33 - 2012-02-09 00:31 - 00001405 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-02 19:31 - 2009-07-14 01:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-02 14:23 - 2013-07-20 14:43 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-12-31 09:14 - 2010-02-10 04:18 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 15:22 - 2012-02-10 09:56 - 00000000 ____D () C:\Users\Marcos\Documents\My PSP8 Files
2014-12-28 14:20 - 2013-07-16 09:56 - 00000000 ____D () C:\Program Files (x86)\Total Video Converter
2014-12-28 14:03 - 2012-05-08 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-28 14:03 - 2009-07-14 02:45 - 02305792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-27 16:38 - 2013-12-02 17:47 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-12-26 14:35 - 2012-02-09 15:43 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Thunderbird
2014-12-24 15:06 - 2012-02-29 14:44 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\FileZilla
2014-12-24 15:05 - 2012-02-09 01:56 - 00000000 ____D () C:\Users\Marcos\Documents\Flight Simulator X Files
2014-12-24 14:59 - 2012-02-09 01:27 - 00000000 ____D () C:\FSX
2014-12-21 13:13 - 2012-02-09 12:21 - 00000000 ____D () C:\Users\Marcos\Documents\Flight Simulator Files
2014-12-19 15:51 - 2012-03-01 20:16 - 00000000 ____D () C:\Users\Marcos\AppData\Local\GlobalMapper
2014-12-19 12:43 - 2012-03-02 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
2014-12-19 10:11 - 2012-02-09 01:01 - 00096088 _____ () C:\Users\Marcos\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-18 22:34 - 2014-11-29 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 15g
2014-12-18 18:53 - 2012-11-14 14:26 - 00000000 ____D () C:\ProgramData\Skype
2014-12-14 20:59 - 2012-06-04 18:40 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-12-11 22:16 - 2014-07-07 18:20 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Adobe
2014-12-11 22:15 - 2013-01-25 08:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 22:15 - 2012-02-09 01:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 07:54 - 2012-08-27 09:45 - 00002490 _____ () C:\Users\Marcos\AppData\Roaming\WED.prefs
2014-12-09 09:00 - 2012-05-08 09:38 - 00667866 _____ () C:\Users\Marcos\Documents\FSB-LINKSANDSERIAISCOFIDENTIAL.xlsx
2014-12-09 07:54 - 2013-12-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FsDreamTeam
2014-12-09 07:53 - 2012-02-11 15:22 - 00000000 ____D () C:\ProgramData\Esellerate

Files to move or delete:
====================
C:\ProgramData\Metrix.dat
C:\Users\Marcos\FSDreamTeam_GSX.reg


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 19:27

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Marcos at 2015-01-08 09:00:02
Running from C:\Users\Marcos\Desktop\frst\websitehelp
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Box Maker Professional (HKLM-x32\...\3D Box Maker Professional_is1) (Version:  - Blink Development)
3D Ripper DX v1.8.2 (HKLM-x32\...\3D Ripper DX_is1) (Version:  - Roman Lut)
3dsmax ancillary install (x32 Version: 1 - Autodesk) Hidden
737 Pilot in Command (FSX) (HKLM-x32\...\737 Pilot in Command (FSX)) (Version:  - )
AAA Logo Business Edition 3.10 (HKLM-x32\...\AAA Logo 3.10 Business_is1) (Version:  - SWGSoft.com)
AC3D 6.5.28 (HKLM-x32\...\AC3D 6.5.28_is1) (Version:  - Inivis)
Ace Stream Media 2.1.10.1 (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\AceStream) (Version: 2.1.10.1 - Ace Stream Media)
Active Sky X (HKLM-x32\...\{A06A6679-41D7-48C5-82F8-7D3B0B654720}) (Version: 1.00.1056 - HiFi Flightware)
ActiveSky Version 6.5 and ActiveSky Graphics (HKLM-x32\...\{0F0D371F-C111-4279-963A-04139A5E49DB}) (Version: 0.6.995 - HiFi Simulation Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Aerosoft's - African Airstrip Adventures (HKLM-x32\...\{A5585C80-B880-454C-9798-68493715BA37}) (Version: 1.00 - Aerosoft)
Aerosoft's - DHC-6 Twin Otter X (HKLM-x32\...\{3A8DED06-80E7-4555-AA1F-FF4A2A4D353C}) (Version: 1.10 - Aerosoft)
aerosoft's - FlightSim Commander (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: 8.2 - aerosoft)
aerosoft's - Mega Airport Lisbon X (HKLM-x32\...\{DAA73076-84A5-4141-A630-79380E48C9D0}) (Version: 1.10 - aerosoft)
Aerosoft's - Twin Otter X - Mission Pack (HKLM-x32\...\{E0BF8C31-2745-4186-A08D-05401FC95AE3}) (Version: 1.0 - Aerosoft)
AFX (HKLM-x32\...\afx) (Version:  - )
Air Hauler (Shared Components) (HKLM-x32\...\Uninstaller_B72FF000_Air Hauler) (Version: 2.65.10 - Just Flight Limited)
Airbus Series Vol.1 (FS X) (HKLM-x32\...\Airbus Series Vol.1 (FS X)) (Version:  - )
Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Airbus Series Vol.2 (FS X)) (Version:  - )
AIRLINE (HKLM-x32\...\AIRLINE) (Version: v6 - Efzed)
Airport Wizard (HKLM-x32\...\{4B7962BC-FF0D-44A2-BFC4-BA6C36FB6731}) (Version: 1.03.0 - FlightSimTools.com)
Alaska Adventures 1.01 (HKLM-x32\...\Alaska Adventures 1.01) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Artisteer 2 (HKLM-x32\...\Artisteer 2) (Version: 2.3 - Extensoft)
Artisteer 3 (HKLM-x32\...\Artisteer 3) (Version: 3.0 - Extensoft)
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft)
ArtMoney SE v7.43 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.43 - System SoftLab)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
Assetto Corsa Dedicated Server (HKLM-x32\...\Steam App 302550) (Version:  - )
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1347 - DsNET Corp)
Autodesk 3ds Max 2009 32-bit (HKLM-x32\...\{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 8 (HKLM-x32\...\{DBB313D6-4B13-4961-BD5F-673CDA1793CC}) (Version: 8.0 - Autodesk)
Autodesk 3ds Max Design 2013 64-bit (HKLM\...\Autodesk 3ds Max Design 2013 64-bit) (Version: 15.0.0.347 - Autodesk)
Autodesk 3ds Max Design 2013 64-bit (Version: 15.0.0.347 - Autodesk) Hidden
Autodesk DWF Viewer 7 (HKLM-x32\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.0.0 - Autodesk, Inc.)
Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit) (Version:  - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Backburner (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 3.0 - Discreet)
Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.4.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Belzonte 3 (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Belzonte 3) (Version:  - )
BitRock InstallBuilder Enterprise (HKLM-x32\...\BitRock InstallBuilder Enterprise 7.2.5) (Version: 7.2.5 - BitRock)
Blender (remove only) (HKLM-x32\...\Blender) (Version:  - )
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Camtasia Studio 6 (HKLM-x32\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Construction-Simulator 2015 (HKLM-x32\...\Steam App 289950) (Version:  - weltenbauer. Software Entwicklung GmbH)
Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.0.0.183 - Corel Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.2.0.12 - Corel Corporation) Hidden
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive Beta (HKLM-x32\...\Steam App 730) (Version:  - )
Creation Master 14.3 (HKLM-x32\...\Creation Master 14_is1) (Version:  - FIFA MASTER)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
DBS Walk And Follow (HKLM-x32\...\DBS Walk And Follow) (Version:  - )
Drive Health (HKLM-x32\...\Drive Health) (Version:  - Helexis Software Development)
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
Eastside UK pre-game Editor v2007.1.7 (HKLM-x32\...\Eastside UK pre-game Editor for NHL EHM 2007_is1) (Version:  - Eastside UK)
EditVoicepack X (HKLM-x32\...\{493687F8-8D57-47C4-87B6-D46D7C5203BF}) (Version: 4.0.7 - Bevelstone Production)
E-Jets Series (FSX) (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\E-Jets Series (FSX)) (Version:  - )
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
F1 2013 (HKLM-x32\...\Steam App 223670) (Version:  - Codemasters Birmingham)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FaceGen Modeller 3.4 (HKLM-x32\...\{82B0940F-A8ED-4F74-935A-CF6AF8530769}) (Version: 3.4.0 - Singular Inversions Inc.)
FBX Plugin 2006.08 for Max 9.0 (HKLM-x32\...\FBX Plugin 2006.08 for Max 9.0) (Version:  - )
FBX Plugin 2009.0 for Max 2009 (HKLM-x32\...\FBX Plugin 2009.0 for Max 2009) (Version:  - )
FeelThere E-Jets v.2 (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\FeelThere E-Jets v.2) (Version:  - )
FenceBuilder Pro (HKLM-x32\...\FenceBuilder Pro1.0) (Version: 1.0 - FSAddon Publishing)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FM Genie Scout 12g version 1.2 (HKLM-x32\...\FM Genie Scout 12g_is1) (Version: 1.2 - )
FM Genie Scout 13g version 1.0 13.3.3 (HKLM-x32\...\FM Genie Scout 13g_is1) (Version: 1.0 13.3.3 - )
FM Genie Scout 14g version 1.2 14.3.1 (HKLM-x32\...\FM Genie Scout 14g_is1) (Version: 1.2 14.3.1 - )
FM Genie Scout 15g version 1.0 15.2.1 beta 9 (HKLM-x32\...\FM Genie Scout 15g_is1) (Version: 1.0 15.2.1 beta 9 - )
FMRTE 13.2.0.43 (HKLM\...\{13416834-B10B-4DD4-8213-C8D66A157D7E}_is1) (Version: 13.2.0.43 - Raul Bravo)
FMRTE 14.3.1.35 (HKLM\...\{067E314C-0505-406F-ABF5-AC601646E8B4}_is1) (Version: 14.3.1.35 - Raul Bravo)
FMRTE 15.2.1.10 (HKLM\...\{6D986DE6-CA9D-4E83-B49C-18C0BFEB6AD6}_is1) (Version: 15.2.1.10 - FMRTE)
FMRTE 5.2.4 (HKLM\...\{63486834-B10B-4DD4-8216-C8D66A157D7E}_is1) (Version: 5.2.4 - Raul Bravo)
Fokker 70-100 FSX (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Fokker 70-100 FSX) (Version:  - )
Football Manager 2012 Editor (HKLM-x32\...\Steam App 71400) (Version:  - )
Football Manager 2012 Resource Archiver (HKLM-x32\...\Steam App 71410) (Version:  - )
Football Manager 2013 Editor (HKLM-x32\...\Steam App 220600) (Version:  - Sports Interactive)
Football Manager 2013 Resource Archiver (HKLM-x32\...\Steam App 220620) (Version:  - Sports Interactive)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Football Manager 2014 Editor (HKLM-x32\...\Steam App 242460) (Version:  - )
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
Football Manager 2015 Editor (HKLM-x32\...\Steam App 295350) (Version:  - )
Franchise Hockey Manager 2014 (HKLM-x32\...\Franchise Hockey Manager2014) (Version: 2014 - Out of the Park Developments)
Franchise Hockey Manager 2014 (HKLM-x32\...\Steam App 299890) (Version:  - Out of the Park Developments)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FS Texture Converter (HKLM-x32\...\FS Texture Converter) (Version: 1.03 - Elrond Elvish)
FS Water Configurator 3.15 (HKLM\...\FS Water Configurator) (Version:  - )
FS2XPlane (HKLM-x32\...\FS2XPlane) (Version: 3.26 - Jonathan Harris <x-plane@marginal.org.uk>)
FSBuild 2 (HKLM-x32\...\FSBuild 2) (Version: 1 - EA)
Fsbuild 2.4.0.18 (HKLM-x32\...\Fsbuild 2.4.0.18) (Version:  - )
FSDreamTeam GSX FSX (HKLM-x32\...\FSDreamTeam GSX FSX_is1) (Version: 1.9.0.2 - VIRTUALI Sagl)
FSDreamTeam GSX P3D v2.x (HKLM-x32\...\FSDreamTeam GSX P3D v2.x_is1) (Version: 1.9.0.2 - VIRTUALI Sagl)
FSDreamTeam GSX Vehicles Update 1.0 (HKLM-x32\...\FSDreamTeam GSX Vehicles Update_is1) (Version:  - )
FSrealWX lite version 1.01.1291 (HKLM-x32\...\FSrealWX lite_is1) (Version: 1.01.1291 - Hanse-Coders.)
FSTramp (HKLM-x32\...\{0B3EAF6B-BBF1-45EF-B4DA-D16DC7574507}_is1) (Version: 5.42 - Team FSTramp)
Game Dev Tycoon version 1.3.14 (HKLM-x32\...\Game Dev Tycoon_is1) (Version: 1.3.14 - The Void)
Game Stock Car Extreme 2013 v1.15 (HKLM-x32\...\R2FtZVN0b2NrQ2FyRXh0cmVtZTIwMTM=_is1) (Version: 1 - )
GBBD Banco do Brasil (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: GBBD Banco do Brasil - )
GetRight (HKLM-x32\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
Global Mapper 13 (64-bit) (HKLM\...\{CB815A97-4F15-4FDB-B848-55DA9C9F5ADF}) (Version: 13.00.0010 - Blue Marble Geographics)
Global Mapper 14 (HKLM-x32\...\{95F1573A-3D8E-4546-A421-8F0B1A6591F6}) (Version: 14.00.0010 - Blue Marble Geographics)
GlobalMapper_64bit (HKLM\...\{C741B947-DDF9-40EE-A467-66CB2AE10FCC}) (Version: 11.01.0010 - Global Mapper Software)
gmax (HKLM-x32\...\{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}) (Version: 4.4.0.125 - Discreet)
Google Chrome (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Satellite Maps Downloader 6.986 (HKLM-x32\...\Google Satellite Maps Downloader_is1) (Version:  - allallsoft.com)
Google SketchUp Pro 8 (HKLM-x32\...\{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}) (Version: 3.0.3117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0011.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
ICA (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
ICE AI Traffic for FSX (5.00) version 5.00 (HKLM-x32\...\{5F23C994-DED7-4AE0-B899-BBCBC57FC0F8}_is1) (Version: 5.00 - ICE AI Traffic Group)
ICQ 8.2 (build 6870) (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\ICQ) (Version: 8.2.6870.0 - Mail.Ru)
ImageMagick 6.8.0-1 Q16 (2012-11-01) (HKLM-x32\...\ImageMagick 6.8.0 Q16_is1) (Version: 6.8.0 - ImageMagick Studio LLC)
InstallShield 2010 SP1 (HKLM-x32\...\{9CE57049-ECC4-4B93-9DCD-74B117592637}) (Version: 16.01.0000 - Acresso Software Inc.)
Instant Scenery (HKLM-x32\...\instant scenery2) (Version: 2.03 - Flight1 Software)
Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 (HKLM-x32\...\{754854DC-2E0A-49D8-A1A1-426C1F9B1459}) (Version: 5.3.4.087 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
IP Camera Adapter (HKLM-x32\...\{F43D5CA6-1F22-436D-AF64-B254E7F1FC3D}) (Version: 1.0.0 - Pas)
IPM_PSP_COM (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2012) (Version: 1.0 - Receita Federal do Brasil)
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2013) (Version: 1.1 - Receita Federal do Brasil)
IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2014) (Version: 1.1 - Receita Federal do Brasil)
ISG FSX v1.7 (HKLM-x32\...\ISGv1.7_is1) (Version:  - SimMarket)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Just Flight - Air Hauler (HKLM-x32\...\{EF11FC33-6C4D-4AF3-8ECB-5D1917E0AEC1}) (Version: 1.00.0000 - Just Flight Ltd)
K-Lite Codec Pack 5.9.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.9.0 - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Level-D 767-300 for FSX (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Level-D 767-300 for FSX) (Version:  - )
LGMT scenery for FSX (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\LGMT scenery for FSX) (Version:  - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Majestic MJC8Q400 (HKLM-x32\...\MJC8Q400) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 4.0.44 (HKLM-x32\...\ManyCam) (Version: 4.0.44 - Visicom Media Inc.)
MapMart Data Discovery (HKLM-x32\...\{56B25106-8FCF-480A-804E-8522A4519F9E}) (Version: 1.2.9 - MapMart)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation)
Microsoft Expression Web (HKLM-x32\...\WebDesigner) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Flight Simulator 2004 Autogen SDK (HKLM-x32\...\{6C47FC43-571A-424D-B2C2-DE10D48E2371}) (Version: 1.00.0000 - Microsoft)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{4847BBB9-EADD-4C92-90BF-4223B0892FF6}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Flight Simulator X SP2 SDK (HKLM-x32\...\{22183FFB-C8A7-4740-847A-DD2FAE27B4F3}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft Virtual PC 2007 SP1 (HKLM\...\{AD483998-2E9A-4405-83FF-6E503AF49CBB}) (Version: 6.0.192.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Monitor da tecnologia Intel® Turbo Boost (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.5 - Intel)
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.011 - MSI)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NHL Eastside Hockey Manager 2007 (HKLM-x32\...\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}) (Version: 3.0.0 - SEGA)
NVIDIA Photoshop Plug-ins (HKLM-x32\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 8.50 - )
OMSI - Der Omnibussimulator (HKLM-x32\...\{9AE850A4-B89D-4875-A159-B1B64D717EFB}) (Version: 1.01 - aerosoft)
OMSI Addon Manager version 1.2.4 (HKLM-x32\...\{32B08666-1587-435D-988C-7958A04B218A}_is1) (Version: 1.2.4 - Jan Kiesewalter)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open Clouds (HKLM-x32\...\{4AC58A68-8485-4F70-BC25-34BB50AD0B30}) (Version: 1.16.0 - FSopen.co.uk)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
OverlayEditor (HKLM-x32\...\OverlayEditor) (Version: 2.24 - Jonathan Harris <x-plane@marginal.org.uk>)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.783 - Raxco Software Inc.)
PlayClaw (HKLM-x32\...\PlayClaw) (Version: 2.1.0.1502 - Sytexis Software)
PlayClaw 3 (HKLM-x32\...\PlayClaw_is1) (Version: 3 - )
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
Pokki Download Helper (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.5 - Portforward, LLC)
Prepar3D v2 Professional (HKLM-x32\...\{5DD3CF5D-9573-44A8-9543-D65BED953192}) (Version: 2.2.10437.0 - Lockheed Martin)
Prepar3D v2 Professional (x32 Version: 2.0.9448.0 - Lockheed Martin) Hidden
Prepar3D v2 SDK 2.0.9448.0 (HKLM-x32\...\{D4943829-5AAD-480C-82EF-39211F53DC76}) (Version: 2.0.9448.0 - Lockheed Martin)
Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
PSPPContent (x32 Version: 15.2.0.12 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
PSPPro64 (Version: 15.0.0.183 - Corel Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 2.6.2 (64-bit) (HKLM\...\{24aab420-4e30-4496-9739-3e216f3de6af}) (Version: 2.6.2150 - Python Software Foundation)
QGIS Dufour 2.0.1 Dufour (HKLM\...\QGIS Dufour) (Version:  - QGIS Development Team)
Quantum GIS Lisboa 1.8.0 Lisboa (HKLM-x32\...\Quantum GIS Lisboa) (Version:  - QGIS Development Team)
Quick 3D Cover 2.0.1 (HKLM-x32\...\Quick 3D Cover_is1) (Version:  - Nervepreserve.com)
Real Environment Xtreme + Overdrive (HKLM-x32\...\{256FA569-AAAA-43D5-B1D8-57406A9D3A9A}) (Version: 2.5.2010.1027 - Real Environment Simulations, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6299 - Realtek Semiconductor Corp.)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.04 - Serpro - Serviço Federal de Processamento de Dados)
Recuva (HKLM\...\Recuva) (Version: 1.46 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
REX Auto Update (HKLM-x32\...\REX Auto Update 1.0.2014.0603) (Version: 1.0.2014.0603 - REX Game Studios, LLC.)
REX Auto Update (x32 Version: 1.0.2014.0603 - REX Game Studios, LLC.) Hidden
REX Essential Plus Overdrive (HKLM-x32\...\{10D69816-2FA2-4071-A45E-2EC182FA2A7D}) (Version: 3.5.2012.1029 - REX Game Studios, LLC.)
SBuilderX313 (HKLM-x32\...\{E947C6F0-20AD-4A8F-823F-ADC1251FBE45}) (Version: 3.1.3 - PTSim)
SceneGenX Update (HKLM-x32\...\{F39597BE-661E-4985-9849-B4F394983E4C}) (Version: 1.1.61 - Thomas Hiscox)
SceneryConfigEditor v1.1.0 (remove only) (HKLM-x32\...\SceneryConfigEditor) (Version:  - )
SceneryTech Africa Landclass v1.0 (HKLM-x32\...\{DA17C501-E443-4371-873C-3C79373A2E33}) (Version: 1.0 - SceneryTech)
SceneryTech Europe Landclass v1.1 (HKLM-x32\...\{83FC981A-5557-4A2D-9C36-ED133DC5BFB9}) (Version: 1.1 - SceneryTech)
SceneryTech Indo-Pacific Landclass v1.0 (HKLM-x32\...\{EFF0D84D-C49A-461E-BC21-D6ED8B2C0D5D}) (Version: 1.0 - SceneryTech)
SceneryTech North America Landclass v1.4 (HKLM-x32\...\{E91C757A-854C-4057-A67D-7FAE297B2016}) (Version: 1.4 - SceneryTech)
SceneryTech South America Landclass v1.0 (HKLM-x32\...\{0DC9C45C-966C-488D-B97E-5C68E161CDCC}) (Version: 1.0 - SceneryTech)
Seamless Texture Creator 2.0 (HKLM-x32\...\Seamless Texture Creator_is1) (Version:  - EArt Media Software)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Setup (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Setup Factory 9 (HKLM-x32\...\Setup Factory 9) (Version: 9.0.4.0 - Indigo Rose Corporation)
Sky Simulations - MD-11 for FSX - N537JB (HKLM-x32\...\Sky Simulations - MD-11 for FSX - N537JB) (Version:  - )
Sky Simulations - MD-11 SP1 for FSX - N537JB (HKLM-x32\...\Sky Simulations - MD-11 SP1 for FSX - N537JB) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Noise Reduction Plug-In 2.0h (HKLM-x32\...\{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}) (Version: 2.0.451 - Sony)
Sony Sound Forge 9.0 (HKLM-x32\...\{4AEA9A23-D627-4699-8A0F-FC474308C2E6}) (Version: 9.0.441 - Sony)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steering wheel (HKLM-x32\...\{FFE5AA19-FE65-43C5-B021-BEF78A9358CE}) (Version: 1.00.0000 - MyPower)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
TOPCAT 2.70 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.70 - FlightSimSoft.com Inh. Christian Grill)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
Train Simulator 2013 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Vegas Pro 9.0 (64-bit) (HKLM\...\{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}) (Version: 9.0.895 - Sony)
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
VIRTUALI Addon ManagerX FSX (HKLM-x32\...\VIRTUALI Addon ManagerX FSX_is1) (Version: 2.9.0.24 - VIRTUALI Sagl)
VIRTUALI Addon ManagerX P3D v2.x (HKLM-x32\...\VIRTUALI Addon ManagerX P3D v2.x_is1) (Version: 2.9.0.24 - VIRTUALI Sagl)
Visual Batch (HKLM-x32\...\Visual Batch) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
V-Ray for 3dsmax 2013 for x64 (HKLM\...\V-Ray for 3dsmax 2013 for x64) (Version: 2.30.01 - Chaos Software Ltd)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-26202434-3474579419-60944970-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-26202434-3474579419-60944970-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-26202434-3474579419-60944970-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-26202434-3474579419-60944970-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

08-01-2015 07:49:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 00:34 - 2015-01-06 10:08 - 00000996 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0    ib.pixadsserve.com
0.0.0.0    www.pixadsserve.com
0.0.0.0 www.allvoices.com
0.0.0.0 www.deletebloodcancer.org
0.0.0.0 www.tasgames.com
0.0.0.0 user-disp.tidaltv.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12938271-A0E4-489D-8A36-AC25E93D24FF} - System32\Tasks\REX Software Update for Auto Update => I:\REX Auto Update\updater.exe [2014-06-03] (REX Game Studios, LLC.)
Task: {14128180-BF79-41E5-B1E1-D47FA1E3D5E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.)
Task: {1AD5A7AE-A267-4A97-B3D6-2A962E3796D2} - \Baidu Antivirus Update No Task File <==== ATTENTION
Task: {1AF3DC26-05BA-4A4E-A778-7942798FDF1E} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {1FAE140C-FAA9-4FEC-9DC0-BF48A1BEE666} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-7 No Task File <==== ATTENTION
Task: {38ECA034-3D80-4D36-BC94-797A2A422331} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01] (Google Inc.)
Task: {3CAC78CB-A22F-4546-86D7-B2E33F0A6881} - System32\Tasks\{7519310D-ADA8-464B-9460-2A35968B0B7B} => I:\3dsmax7\3dsmax.exe
Task: {47325F05-1930-450C-B861-320046ABE2BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01] (Google Inc.)
Task: {47418483-3F16-4BFE-87AF-4FE5EBE399CC} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {4B0C4525-7B0F-4FF2-8616-7C2F082FE9CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {562AE491-C525-4C3B-A86F-6C5E9216F840} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-6 No Task File <==== ATTENTION
Task: {59CBEC77-764D-4E9F-8436-03861E531450} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core => C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5DDB8DD0-13A7-4710-A0FF-AA7AC12D09AA} - System32\Tasks\{3B55FBED-7D52-4E2D-BEE5-D08E8E0E729D} => pcalua.exe -a "I:\SimCity 4 Deluxe\EAUninstall.exe"
Task: {5E3B59D4-B9F3-4EAA-A51F-63CC7057DAAD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA => C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {623B62BC-8FCB-4B8E-8452-A3FA56B6AE67} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-4 No Task File <==== ATTENTION
Task: {623DC4D8-C7DA-4B0F-A50C-F9522FD286C9} - System32\Tasks\{92001B4A-1C9A-4FFC-8644-50EA1E807EBA} => pcalua.exe -a "F:\download\fsbuild\FSBuild 2.0\Setup.exe" -d "F:\download\fsbuild\FSBuild 2.0"
Task: {7C4A1247-7B44-42B3-ADC8-0BEA25595AAC} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-5_user No Task File <==== ATTENTION
Task: {90BB8682-41F2-47ED-A8CF-1CC927585F9A} - System32\Tasks\{AB6F767C-3AB4-4634-B97F-2A7DD92CCAAB} => I:\3dsmax7\3dsmax.exe
Task: {95243302-8D49-426F-9568-21BCDA0EEF10} - \9a8dac4d-982c-490e-bbe9-07661ae40d70-3 No Task File <==== ATTENTION
Task: {AA84527D-09FB-4F23-AA55-63E017993F53} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-2 No Task File <==== ATTENTION
Task: {AC258C73-D041-4F41-9654-6460C5DFBB90} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-1 No Task File <==== ATTENTION
Task: {B6E3FDC3-0E54-44CE-96B4-70CCF9DF26DD} - System32\Tasks\TPNY => C:\Users\Marcos\AppData\Roaming\TPNY.exe <==== ATTENTION
Task: {BEE8CBA6-12BD-4205-891C-223750D41D8E} - System32\Tasks\EKS => C:\Users\Marcos\AppData\Roaming\EKS.exe <==== ATTENTION
Task: {C0BBA509-B231-4977-96D6-96F0FFB134FF} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-5 No Task File <==== ATTENTION
Task: {DBBAA81A-D9D2-4885-B652-A03E2B3A42FE} - \SPBIW_UpdateTask_Time_333939353434333836392d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {FDD47F74-A877-4EA6-9B33-A4FBD7B42BFB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.)
Task: C:\Windows\Tasks\EKS.job => C:\Users\Marcos\AppData\Roaming\EKS.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core.job => C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA.job => C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core.job => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA.job => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\TPNY.job => C:\Users\Marcos\AppData\Roaming\TPNY.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-02-29 09:48 - 2009-11-05 09:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2012-04-06 22:44 - 2012-04-06 22:44 - 00002560 _____ () C:\Windows\runservice.exe
2011-09-14 20:19 - 2011-09-14 20:19 - 00086016 _____ () I:\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
2012-02-09 12:16 - 2005-09-21 15:13 - 00065536 _____ () C:\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe
2014-06-29 12:21 - 2014-06-29 12:21 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2012-02-09 01:16 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-04-06 22:44 - 2012-04-06 22:44 - 00048640 _____ () C:\Windows\mmfs.dll
2014-11-20 13:44 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2014-12-04 21:25 - 2014-12-04 21:25 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-02 19:31 - 2015-01-02 19:31 - 00133120 _____ () C:\Users\Marcos\AppData\Roaming\dvmlqicl\colers.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\System32:9129AF6F_Bb.gbp
AlternateDataStreams: C:\ProgramData\TEMP:64217CD0
AlternateDataStreams: C:\ProgramData\TEMP:74603393
AlternateDataStreams: C:\Users\Marcos\Documents\FM Genie Scout 13g.eml:OECustomProperty
AlternateDataStreams: C:\Users\Marcos\Documents\FMRTE - FM13 (License Key).eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Google Update => "C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: PoivY => "C:\Program Files (x86)\PoivY\PoivY.exe" -nosplash -minimized
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

========================= Accounts: ==========================

Administrator (S-1-5-21-26202434-3474579419-60944970-500 - Administrator - Disabled)
fbwuser (S-1-5-21-26202434-3474579419-60944970-1005 - Limited - Disabled) => C:\Users\fbwuser
Guest (S-1-5-21-26202434-3474579419-60944970-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-26202434-3474579419-60944970-1002 - Limited - Enabled)
Marcos (S-1-5-21-26202434-3474579419-60944970-1000 - Administrator - Enabled) => C:\Users\Marcos

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2015 08:58:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fm.exe, version: 15.2.1.0, time stamp: 0x548f21aa
Faulting module name: fm.exe, version: 15.2.1.0, time stamp: 0x548f21aa
Exception code: 0xc0000005
Fault offset: 0x00e43f06
Faulting process id: 0x2834
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3

Error: (01/07/2015 10:54:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17784

Error: (01/07/2015 10:54:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17784

Error: (01/07/2015 10:54:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/07/2015 10:54:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16786

Error: (01/07/2015 10:54:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16786

Error: (01/07/2015 10:54:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/07/2015 10:54:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15772

Error: (01/07/2015 10:54:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15772

Error: (01/07/2015 10:54:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/04/2015 07:51:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The YTDUpdt service failed to start due to the following error:
%%2

Error: (01/04/2015 07:50:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hotspot Shield Monitoring Service service failed to start due to the following error:
%%2

Error: (01/04/2015 07:50:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hotspot Shield Service service failed to start due to the following error:
%%2

Error: (01/04/2015 06:55:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The YTDUpdt service failed to start due to the following error:
%%2

Error: (01/04/2015 06:55:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hotspot Shield Monitoring Service service failed to start due to the following error:
%%2

Error: (01/04/2015 06:55:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hotspot Shield Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/20/2013 02:52:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 20, Application Name: Microsoft Expression Web, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2201 seconds with 360 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-07-17 18:39:27.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.280
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.140
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:26.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:26.533
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-03-21 09:17:09.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Marcos\AppData\Local\Temp\mc23F0F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 25%
Total physical RAM: 8172.5 MB
Available physical RAM: 6093.03 MB
Total Pagefile: 16343.15 MB
Available Pagefile: 13675.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:28.05 GB) NTFS
Drive f: (HD500) (Fixed) (Total:407.17 GB) (Free:8.73 GB) NTFS
Drive g: (HD500P2) (Fixed) (Total:58.59 GB) (Free:2.74 GB) NTFS
Drive i: (Win8) (Fixed) (Total:465.76 GB) (Free:13.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0671E06B)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 693FA74E)
Partition 1: (Not Active) - (Size=407.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 15CA3F5A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Many thanks in advance.

 

Regards.

Link to post
Share on other sites

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

:excl: I can't foresee everything, so if anything unexpected happens, please stop and inform me!
:excl: There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  warning.gif Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
 
 
 
 

FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

Link to post
Share on other sites

Hi,

 

Cool nick my friend. I need to think of something cool like that for me ;-)

 

Here is the latest log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Marcos (administrator) on Marcos-PC on 08-01-2015 10:34:32
Running from C:\Users\Marcos\Desktop\frst\websitehelp
Loaded Profile: Marcos (Available profiles: Marcos & fbwuser)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Helexis Software Development) C:\Program Files (x86)\Drive Health\dhcore.exe
() C:\Windows\Runservice.exe
() I:\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
() C:\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
() C:\Windows\System32\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-17] (Realtek Semiconductor)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [delvars] => C:\Program Files (x86)\Visual Batch\delallvars.exe [366592 2010-11-12] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3484624 2014-10-24] (Micro-Star International)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd)
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Run: [iSUSPM] =>  -scheduler
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Run: [Google Update] => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-22] (Google Inc.)
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Run: [Facebook Update] => "C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Run: [icq] => C:\Users\Marcos\AppData\Roaming\ICQM\icq.exe [29919576 2013-11-13] (ICQ)
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\MountPoints2: {02806383-6288-11e4-8341-6c626d3b7a2c} - D:\AutoRun.exe "motorola.html"
HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\MountPoints2: {167bde5e-30fe-11e4-b1c2-6c626d3b7a2c} - D:\AutoRun.exe "motorola.html"
Startup: C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
BootExecute: PDBoot.exeautocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-26202434-3474579419-60944970-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-26202434-3474579419-60944970-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-26202434-3474579419-60944970-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E943C8DE-78A2-45D0-B3BF-54DE4CCB9539}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\v70uy02j.default-1344425866762
FF Homepage: www.google.com
FF NetworkProxy: "http", "177.234.12.202"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-26202434-3474579419-60944970-1000: @acestream.net/acestreamplugin,version=2.1.10.1 -> C:\Users\Marcos\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-26202434-3474579419-60944970-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marcos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-26202434-3474579419-60944970-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-26202434-3474579419-60944970-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-26202434-3474579419-60944970-1000: gastecnologia.com.br/sf/bb -> C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Verificador Ortográfico para Português do Brasil. - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\tk9zi9tq.default\Extensions\pt-BR@dellalibera.sf.net [2012-06-13]
FF Extension: No Name - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\tk9zi9tq.default\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}-trash [2012-02-09]
FF Extension: Verificador Ortográfico para Português do Brasil. - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\v70uy02j.default-1344425866762\Extensions\pt-BR@dellalibera.sf.net [2014-12-22]
FF Extension: Baixou Agora - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\v70uy02j.default-1344425866762\Extensions\BaixouAgora@Baixou.xpi [2013-11-28]
FF Extension: MEGA - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\v70uy02j.default-1344425866762\Extensions\firefox@mega.co.nz.xpi [2014-09-12]
FF Extension: Adblock Plus - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\v70uy02j.default-1344425866762\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-11]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-12-04]
FF HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-08-20]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-22]
CHR Extension: (Google Search) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-22]
CHR Extension: (Youtube Video Downloader) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkeilckghfobibhlngmndkbkmfidldf [2013-11-06]
CHR Extension: (AdBlock) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-15]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2014-06-10]
CHR Extension: (Baixou Agora) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfjpmeddmamejnmmppjlfglfhcjbbai [2013-11-28]
CHR Extension: (Google Wallet) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-22]
CHR HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2013-07-20]
CHR StartMenuInternet: Google Chrome - C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-02-10] (Adobe Systems) [File not signed]
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2013-11-28] (Autodesk) [File not signed]
R2 DriveHealth; C:\Program Files (x86)\Drive Health\dhcore.exe [509440 2010-07-31] (Helexis Software Development) [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-07-21] (GAS Tecnologia)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Just Flight Limited License Service; C:\Program Files (x86)\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [69632 2012-03-05] (Just Flight Limited) [File not signed]
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2012-04-06] () [File not signed]
S2 mi-raysat_3dsMax2009_32; I:\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [65536 2008-03-10] () [File not signed]
R2 mi-raysat_3dsmax2013_64; I:\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-14] () [File not signed]
R2 mi-raysat_3dsmax8; C:\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe [65536 2005-09-21] () [File not signed]
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1730000 2014-10-24] (Micro-Star International)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S3 Origin Client Service; C:\Origin\OriginClientService.exe [1903472 2014-12-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-29] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-28] ()
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [X]
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]
S2 YTDUpdt; C:\PROGRA~2\YTDOWN~1\YTDUPD~1.EXE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [15808 2012-09-24] (Windows ® Win 7 DDK provider)
S3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [15808 2012-09-24] (Windows ® Win 7 DDK provider)
S3 AirDisplayWDDM; C:\Windows\System32\DRIVERS\AVWDDMMiniPort.sys [48632 2013-12-04] (Windows ® Win 7 DDK provider)
R0 AVPCIFilter; C:\Windows\System32\DRIVERS\AVPCIFilter.sys [36344 2013-12-04] (Windows ® Win 7 DDK provider)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-07-18] (DT Soft Ltd)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2013-04-24] (Windows ® Win 7 DDK provider)
S3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37496 2013-07-12] (Windows ® Win 7 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-17] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-05-21] ()
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15104 2012-10-15] (Headsoft)
U3 a3xsrutb; C:\Windows\System32\Drivers\a3xsrutb.sys [0 ] (Advanced Micro Devices)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 08:52 - 2015-01-06 08:52 - 05609498 _____ (Swearware) C:\Users\Marcos\Desktop\ComboFix.exe
2015-01-04 19:43 - 2015-01-08 10:34 - 00000000 ____D () C:\FRST
2015-01-04 19:43 - 2015-01-08 08:58 - 00000000 ____D () C:\Users\Marcos\Desktop\frst
2015-01-04 18:50 - 2015-01-04 18:50 - 00000034 _____ () C:\Users\Marcos\Desktop\malkin.txt
2015-01-03 23:52 - 2015-01-03 23:52 - 00003419 _____ () C:\Users\Marcos\Desktop\JRT.txt
2015-01-03 23:50 - 2015-01-03 23:50 - 01707939 _____ (Thisisu) C:\Users\Marcos\Desktop\JRT.exe
2015-01-03 23:50 - 2015-01-03 23:50 - 00000000 ____D () C:\Windows\ERUNT
2015-01-03 23:28 - 2015-01-03 23:38 - 00000000 ____D () C:\AdwCleaner
2015-01-03 23:22 - 2015-01-03 23:22 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-03 22:23 - 2015-01-03 23:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-03 22:23 - 2015-01-03 23:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-03 18:31 - 2015-01-04 18:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 18:31 - 2015-01-03 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-03 18:31 - 2015-01-03 18:31 - 00000000 ____D () C:\Malwarebytes Anti-Malware
2015-01-03 18:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-03 18:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-02 19:34 - 2015-01-08 07:38 - 00001340 _____ () C:\Windows\Tasks\EKS.job
2015-01-02 19:34 - 2015-01-02 19:34 - 00004374 _____ () C:\Windows\System32\Tasks\EKS
2015-01-02 19:32 - 2015-01-08 07:38 - 00001342 _____ () C:\Windows\Tasks\TPNY.job
2015-01-02 19:32 - 2015-01-02 19:32 - 00004376 _____ () C:\Windows\System32\Tasks\TPNY
2015-01-02 19:31 - 2015-01-02 19:31 - 00003912 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2015-01-02 19:31 - 2015-01-02 19:31 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\dvmlqicl
2014-12-28 14:59 - 2014-12-28 14:59 - 00000000 ____D () C:\Temp
2014-12-26 10:42 - 2014-12-26 14:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-25 17:46 - 2014-12-25 17:46 - 03360274 _____ () C:\Users\Marcos\Desktop\anexos.zip
2014-12-22 15:34 - 2014-12-23 16:39 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\FMRTE15
2014-12-20 10:33 - 2014-12-27 18:52 - 00061757 _____ () C:\Users\Marcos\Documents\vendas_dezembro_14.txt
2014-12-20 09:45 - 2014-12-20 09:45 - 00004003 _____ () C:\Users\Marcos\Documents\reclamacao_kanui_procon.txt
2014-12-20 08:46 - 2014-12-20 08:46 - 00000284 _____ () C:\Users\Marcos\Documents\procon_kanui.txt
2014-12-20 08:38 - 2014-12-20 08:44 - 00274138 _____ () C:\Users\Marcos\Desktop\Reclamacaokanui.zip
2014-12-18 18:53 - 2014-12-18 18:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-18 18:53 - 2014-12-18 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-18 10:07 - 2014-12-18 10:07 - 00001583 _____ () C:\Users\Marcos\Documents\imposto_procuradoria_parcela7.txt
2014-12-16 19:31 - 2014-12-16 19:31 - 00196807 _____ () C:\Users\Marcos\Desktop\TACTICTEST_RESULTSaway.pspimage
2014-12-16 13:19 - 2014-12-16 13:23 - 00190752 _____ () C:\Users\Marcos\Desktop\TACTICTEST_RESULTS.pspimage
2014-12-12 20:56 - 2014-12-12 20:56 - 00000165 ____H () C:\Users\Marcos\Documents\~$fm15.xlsx
2014-12-12 17:59 - 2014-12-12 17:59 - 00000263 _____ () C:\Users\Marcos\Documents\pagamengo_colcha_ben10.txt
2014-12-11 19:43 - 2014-12-11 19:43 - 00000000 ____D () C:\Users\Marcos\Desktop\pendrive
2014-12-10 16:57 - 2014-12-18 10:03 - 00000428 _____ () C:\Users\Marcos\Documents\contas_dezembro_2014.txt
2014-12-10 16:40 - 2014-12-10 16:40 - 00000760 _____ () C:\Users\Marcos\Documents\processo_pagamento_dez2014.txt
2014-12-09 16:07 - 2014-12-09 16:07 - 00000707 _____ () C:\Users\Marcos\Documents\master_patty_dez_14.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 09:57 - 2013-12-01 19:13 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 09:55 - 2012-07-22 21:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA.job
2015-01-08 08:58 - 2013-01-15 08:47 - 00000000 ____D () C:\Users\Marcos\AppData\Local\CrashDumps
2015-01-08 08:44 - 2013-02-28 00:39 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA.job
2015-01-08 07:57 - 2013-07-20 14:44 - 00000000 ____D () C:\ProgramData\GbPlugin
2015-01-08 07:54 - 2013-12-01 19:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 07:52 - 2012-02-09 00:25 - 01972362 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 07:39 - 2013-02-28 00:39 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core.job
2015-01-07 21:19 - 2012-06-04 13:45 - 00000000 ____D () C:\ProgramData\Origin
2015-01-07 21:15 - 2012-07-02 18:49 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\TS3Client
2015-01-07 21:10 - 2012-02-09 02:29 - 00000000 ____D () C:\steam
2015-01-07 20:18 - 2012-08-09 13:40 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-07 20:13 - 2012-06-04 13:42 - 00000000 ____D () C:\Origin
2015-01-07 19:36 - 2012-11-14 14:26 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Skype
2015-01-07 19:36 - 2012-02-14 17:18 - 00000521 _____ () C:\Windows\ScreenShooter.INI
2015-01-07 16:53 - 2012-02-09 13:21 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-07 16:13 - 2013-03-11 12:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-07 15:55 - 2012-07-22 21:36 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core.job
2015-01-07 08:31 - 2012-02-29 13:52 - 00000000 ____D () C:\Users\Marcos\AppData\Local\CutePDF Writer
2015-01-06 19:41 - 2014-12-01 15:50 - 00094583 _____ () C:\Users\Marcos\Documents\fm15.xlsx
2015-01-06 12:30 - 2012-06-25 00:50 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\vlc
2015-01-04 23:41 - 2014-03-24 10:53 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-04 23:41 - 2014-03-24 10:53 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-04 23:41 - 2014-03-24 10:53 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-04 23:41 - 2014-03-24 10:53 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-04 23:41 - 2013-11-07 00:19 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-04 23:41 - 2012-12-14 19:20 - 00000000 ____D () C:\Program Files\Java
2015-01-04 19:57 - 2009-07-14 03:13 - 00783808 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 19:55 - 2009-07-14 02:45 - 00017040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 19:55 - 2009-07-14 02:45 - 00017040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 19:50 - 2014-06-09 23:28 - 00010337 _____ () C:\Windows\setupact.log
2015-01-04 19:50 - 2012-04-06 22:44 - 00000801 ___SH () C:\Windows\SysWOW64\mmf.sys
2015-01-04 19:50 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 19:49 - 2014-06-15 15:23 - 00051110 _____ () C:\Windows\PFRO.log
2015-01-03 23:30 - 2012-12-15 23:07 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2015-01-03 19:01 - 2012-02-10 17:41 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-01-03 18:31 - 2012-07-28 18:44 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Malwarebytes
2015-01-03 18:31 - 2012-07-28 18:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-03 18:06 - 2013-07-20 14:44 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2015-01-02 20:10 - 2013-11-19 17:04 - 00000000 ____D () C:\Program Files (x86)\3DRipperDX
2015-01-02 20:09 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-02 19:33 - 2012-02-09 01:14 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-02 19:33 - 2012-02-09 00:31 - 00001439 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-02 19:33 - 2012-02-09 00:31 - 00001405 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-02 19:31 - 2009-07-14 01:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-02 14:23 - 2013-07-20 14:43 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-12-31 09:14 - 2010-02-10 04:18 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 15:22 - 2012-02-10 09:56 - 00000000 ____D () C:\Users\Marcos\Documents\My PSP8 Files
2014-12-28 14:20 - 2013-07-16 09:56 - 00000000 ____D () C:\Program Files (x86)\Total Video Converter
2014-12-28 14:03 - 2012-05-08 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-28 14:03 - 2009-07-14 02:45 - 02305792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-27 16:38 - 2013-12-02 17:47 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-12-26 14:35 - 2012-02-09 15:43 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Thunderbird
2014-12-24 15:06 - 2012-02-29 14:44 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\FileZilla
2014-12-24 15:05 - 2012-02-09 01:56 - 00000000 ____D () C:\Users\Marcos\Documents\Flight Simulator X Files
2014-12-24 14:59 - 2012-02-09 01:27 - 00000000 ____D () C:\FSX
2014-12-21 13:13 - 2012-02-09 12:21 - 00000000 ____D () C:\Users\Marcos\Documents\Flight Simulator Files
2014-12-19 15:51 - 2012-03-01 20:16 - 00000000 ____D () C:\Users\Marcos\AppData\Local\GlobalMapper
2014-12-19 12:43 - 2012-03-02 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
2014-12-19 10:11 - 2012-02-09 01:01 - 00096088 _____ () C:\Users\Marcos\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-18 22:34 - 2014-11-29 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 15g
2014-12-18 18:53 - 2012-11-14 14:26 - 00000000 ____D () C:\ProgramData\Skype
2014-12-14 20:59 - 2012-06-04 18:40 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-12-11 22:16 - 2014-07-07 18:20 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Adobe
2014-12-11 22:15 - 2013-01-25 08:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 22:15 - 2012-02-09 01:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 07:54 - 2012-08-27 09:45 - 00002490 _____ () C:\Users\Marcos\AppData\Roaming\WED.prefs
2014-12-09 09:00 - 2012-05-08 09:38 - 00667866 _____ () C:\Users\Marcos\Documents\FSB-LINKSANDSERIAISCOFIDENTIAL.xlsx
2014-12-09 07:54 - 2013-12-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FsDreamTeam
2014-12-09 07:53 - 2012-02-11 15:22 - 00000000 ____D () C:\ProgramData\Esellerate

Files to move or delete:
====================
C:\ProgramData\Metrix.dat
C:\Users\Marcos\FSDreamTeam_GSX.reg


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 19:27

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Marcos at 2015-01-08 10:34:52
Running from C:\Users\Marcos\Desktop\frst\websitehelp
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Box Maker Professional (HKLM-x32\...\3D Box Maker Professional_is1) (Version:  - Blink Development)
3D Ripper DX v1.8.2 (HKLM-x32\...\3D Ripper DX_is1) (Version:  - Roman Lut)
3dsmax ancillary install (x32 Version: 1 - Autodesk) Hidden
737 Pilot in Command (FSX) (HKLM-x32\...\737 Pilot in Command (FSX)) (Version:  - )
AAA Logo Business Edition 3.10 (HKLM-x32\...\AAA Logo 3.10 Business_is1) (Version:  - SWGSoft.com)
AC3D 6.5.28 (HKLM-x32\...\AC3D 6.5.28_is1) (Version:  - Inivis)
Ace Stream Media 2.1.10.1 (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\AceStream) (Version: 2.1.10.1 - Ace Stream Media)
Active Sky X (HKLM-x32\...\{A06A6679-41D7-48C5-82F8-7D3B0B654720}) (Version: 1.00.1056 - HiFi Flightware)
ActiveSky Version 6.5 and ActiveSky Graphics (HKLM-x32\...\{0F0D371F-C111-4279-963A-04139A5E49DB}) (Version: 0.6.995 - HiFi Simulation Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Aerosoft's - African Airstrip Adventures (HKLM-x32\...\{A5585C80-B880-454C-9798-68493715BA37}) (Version: 1.00 - Aerosoft)
Aerosoft's - DHC-6 Twin Otter X (HKLM-x32\...\{3A8DED06-80E7-4555-AA1F-FF4A2A4D353C}) (Version: 1.10 - Aerosoft)
aerosoft's - FlightSim Commander (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: 8.2 - aerosoft)
aerosoft's - Mega Airport Lisbon X (HKLM-x32\...\{DAA73076-84A5-4141-A630-79380E48C9D0}) (Version: 1.10 - aerosoft)
Aerosoft's - Twin Otter X - Mission Pack (HKLM-x32\...\{E0BF8C31-2745-4186-A08D-05401FC95AE3}) (Version: 1.0 - Aerosoft)
AFX (HKLM-x32\...\afx) (Version:  - )
Air Hauler (Shared Components) (HKLM-x32\...\Uninstaller_B72FF000_Air Hauler) (Version: 2.65.10 - Just Flight Limited)
Airbus Series Vol.1 (FS X) (HKLM-x32\...\Airbus Series Vol.1 (FS X)) (Version:  - )
Airbus Series Vol.2 (FS X) (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Airbus Series Vol.2 (FS X)) (Version:  - )
AIRLINE (HKLM-x32\...\AIRLINE) (Version: v6 - Efzed)
Airport Wizard (HKLM-x32\...\{4B7962BC-FF0D-44A2-BFC4-BA6C36FB6731}) (Version: 1.03.0 - FlightSimTools.com)
Alaska Adventures 1.01 (HKLM-x32\...\Alaska Adventures 1.01) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Artisteer 2 (HKLM-x32\...\Artisteer 2) (Version: 2.3 - Extensoft)
Artisteer 3 (HKLM-x32\...\Artisteer 3) (Version: 3.0 - Extensoft)
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft)
ArtMoney SE v7.43 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.43 - System SoftLab)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
Assetto Corsa Dedicated Server (HKLM-x32\...\Steam App 302550) (Version:  - )
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1347 - DsNET Corp)
Autodesk 3ds Max 2009 32-bit (HKLM-x32\...\{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 8 (HKLM-x32\...\{DBB313D6-4B13-4961-BD5F-673CDA1793CC}) (Version: 8.0 - Autodesk)
Autodesk 3ds Max Design 2013 64-bit (HKLM\...\Autodesk 3ds Max Design 2013 64-bit) (Version: 15.0.0.347 - Autodesk)
Autodesk 3ds Max Design 2013 64-bit (Version: 15.0.0.347 - Autodesk) Hidden
Autodesk DWF Viewer 7 (HKLM-x32\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.0.0 - Autodesk, Inc.)
Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit) (Version:  - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Backburner (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 3.0 - Discreet)
Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.4.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Belzonte 3 (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Belzonte 3) (Version:  - )
BitRock InstallBuilder Enterprise (HKLM-x32\...\BitRock InstallBuilder Enterprise 7.2.5) (Version: 7.2.5 - BitRock)
Blender (remove only) (HKLM-x32\...\Blender) (Version:  - )
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Camtasia Studio 6 (HKLM-x32\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Construction-Simulator 2015 (HKLM-x32\...\Steam App 289950) (Version:  - weltenbauer. Software Entwicklung GmbH)
Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.0.0.183 - Corel Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.2.0.12 - Corel Corporation) Hidden
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive Beta (HKLM-x32\...\Steam App 730) (Version:  - )
Creation Master 14.3 (HKLM-x32\...\Creation Master 14_is1) (Version:  - FIFA MASTER)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
DBS Walk And Follow (HKLM-x32\...\DBS Walk And Follow) (Version:  - )
Drive Health (HKLM-x32\...\Drive Health) (Version:  - Helexis Software Development)
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
Eastside UK pre-game Editor v2007.1.7 (HKLM-x32\...\Eastside UK pre-game Editor for NHL EHM 2007_is1) (Version:  - Eastside UK)
EditVoicepack X (HKLM-x32\...\{493687F8-8D57-47C4-87B6-D46D7C5203BF}) (Version: 4.0.7 - Bevelstone Production)
E-Jets Series (FSX) (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\E-Jets Series (FSX)) (Version:  - )
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
F1 2013 (HKLM-x32\...\Steam App 223670) (Version:  - Codemasters Birmingham)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FaceGen Modeller 3.4 (HKLM-x32\...\{82B0940F-A8ED-4F74-935A-CF6AF8530769}) (Version: 3.4.0 - Singular Inversions Inc.)
FBX Plugin 2006.08 for Max 9.0 (HKLM-x32\...\FBX Plugin 2006.08 for Max 9.0) (Version:  - )
FBX Plugin 2009.0 for Max 2009 (HKLM-x32\...\FBX Plugin 2009.0 for Max 2009) (Version:  - )
FeelThere E-Jets v.2 (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\FeelThere E-Jets v.2) (Version:  - )
FenceBuilder Pro (HKLM-x32\...\FenceBuilder Pro1.0) (Version: 1.0 - FSAddon Publishing)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FM Genie Scout 12g version 1.2 (HKLM-x32\...\FM Genie Scout 12g_is1) (Version: 1.2 - )
FM Genie Scout 13g version 1.0 13.3.3 (HKLM-x32\...\FM Genie Scout 13g_is1) (Version: 1.0 13.3.3 - )
FM Genie Scout 14g version 1.2 14.3.1 (HKLM-x32\...\FM Genie Scout 14g_is1) (Version: 1.2 14.3.1 - )
FM Genie Scout 15g version 1.0 15.2.1 beta 9 (HKLM-x32\...\FM Genie Scout 15g_is1) (Version: 1.0 15.2.1 beta 9 - )
FMRTE 13.2.0.43 (HKLM\...\{13416834-B10B-4DD4-8213-C8D66A157D7E}_is1) (Version: 13.2.0.43 - Raul Bravo)
FMRTE 14.3.1.35 (HKLM\...\{067E314C-0505-406F-ABF5-AC601646E8B4}_is1) (Version: 14.3.1.35 - Raul Bravo)
FMRTE 15.2.1.10 (HKLM\...\{6D986DE6-CA9D-4E83-B49C-18C0BFEB6AD6}_is1) (Version: 15.2.1.10 - FMRTE)
FMRTE 5.2.4 (HKLM\...\{63486834-B10B-4DD4-8216-C8D66A157D7E}_is1) (Version: 5.2.4 - Raul Bravo)
Fokker 70-100 FSX (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Fokker 70-100 FSX) (Version:  - )
Football Manager 2012 Editor (HKLM-x32\...\Steam App 71400) (Version:  - )
Football Manager 2012 Resource Archiver (HKLM-x32\...\Steam App 71410) (Version:  - )
Football Manager 2013 Editor (HKLM-x32\...\Steam App 220600) (Version:  - Sports Interactive)
Football Manager 2013 Resource Archiver (HKLM-x32\...\Steam App 220620) (Version:  - Sports Interactive)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Football Manager 2014 Editor (HKLM-x32\...\Steam App 242460) (Version:  - )
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
Football Manager 2015 Editor (HKLM-x32\...\Steam App 295350) (Version:  - )
Franchise Hockey Manager 2014 (HKLM-x32\...\Franchise Hockey Manager2014) (Version: 2014 - Out of the Park Developments)
Franchise Hockey Manager 2014 (HKLM-x32\...\Steam App 299890) (Version:  - Out of the Park Developments)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FS Texture Converter (HKLM-x32\...\FS Texture Converter) (Version: 1.03 - Elrond Elvish)
FS Water Configurator 3.15 (HKLM\...\FS Water Configurator) (Version:  - )
FS2XPlane (HKLM-x32\...\FS2XPlane) (Version: 3.26 - Jonathan Harris <x-plane@marginal.org.uk>)
FSBuild 2 (HKLM-x32\...\FSBuild 2) (Version: 1 - EA)
Fsbuild 2.4.0.18 (HKLM-x32\...\Fsbuild 2.4.0.18) (Version:  - )
FSDreamTeam GSX FSX (HKLM-x32\...\FSDreamTeam GSX FSX_is1) (Version: 1.9.0.2 - VIRTUALI Sagl)
FSDreamTeam GSX P3D v2.x (HKLM-x32\...\FSDreamTeam GSX P3D v2.x_is1) (Version: 1.9.0.2 - VIRTUALI Sagl)
FSDreamTeam GSX Vehicles Update 1.0 (HKLM-x32\...\FSDreamTeam GSX Vehicles Update_is1) (Version:  - )
FSrealWX lite version 1.01.1291 (HKLM-x32\...\FSrealWX lite_is1) (Version: 1.01.1291 - Hanse-Coders.)
FSTramp (HKLM-x32\...\{0B3EAF6B-BBF1-45EF-B4DA-D16DC7574507}_is1) (Version: 5.42 - Team FSTramp)
Game Dev Tycoon version 1.3.14 (HKLM-x32\...\Game Dev Tycoon_is1) (Version: 1.3.14 - The Void)
Game Stock Car Extreme 2013 v1.15 (HKLM-x32\...\R2FtZVN0b2NrQ2FyRXh0cmVtZTIwMTM=_is1) (Version: 1 - )
GBBD Banco do Brasil (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: GBBD Banco do Brasil - )
GetRight (HKLM-x32\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
Global Mapper 13 (64-bit) (HKLM\...\{CB815A97-4F15-4FDB-B848-55DA9C9F5ADF}) (Version: 13.00.0010 - Blue Marble Geographics)
Global Mapper 14 (HKLM-x32\...\{95F1573A-3D8E-4546-A421-8F0B1A6591F6}) (Version: 14.00.0010 - Blue Marble Geographics)
GlobalMapper_64bit (HKLM\...\{C741B947-DDF9-40EE-A467-66CB2AE10FCC}) (Version: 11.01.0010 - Global Mapper Software)
gmax (HKLM-x32\...\{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}) (Version: 4.4.0.125 - Discreet)
Google Chrome (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Satellite Maps Downloader 6.986 (HKLM-x32\...\Google Satellite Maps Downloader_is1) (Version:  - allallsoft.com)
Google SketchUp Pro 8 (HKLM-x32\...\{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}) (Version: 3.0.3117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0011.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
ICA (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
ICE AI Traffic for FSX (5.00) version 5.00 (HKLM-x32\...\{5F23C994-DED7-4AE0-B899-BBCBC57FC0F8}_is1) (Version: 5.00 - ICE AI Traffic Group)
ICQ 8.2 (build 6870) (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\ICQ) (Version: 8.2.6870.0 - Mail.Ru)
ImageMagick 6.8.0-1 Q16 (2012-11-01) (HKLM-x32\...\ImageMagick 6.8.0 Q16_is1) (Version: 6.8.0 - ImageMagick Studio LLC)
InstallShield 2010 SP1 (HKLM-x32\...\{9CE57049-ECC4-4B93-9DCD-74B117592637}) (Version: 16.01.0000 - Acresso Software Inc.)
Instant Scenery (HKLM-x32\...\instant scenery2) (Version: 2.03 - Flight1 Software)
Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 (HKLM-x32\...\{754854DC-2E0A-49D8-A1A1-426C1F9B1459}) (Version: 5.3.4.087 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
IP Camera Adapter (HKLM-x32\...\{F43D5CA6-1F22-436D-AF64-B254E7F1FC3D}) (Version: 1.0.0 - Pas)
IPM_PSP_COM (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2012) (Version: 1.0 - Receita Federal do Brasil)
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2013) (Version: 1.1 - Receita Federal do Brasil)
IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2014) (Version: 1.1 - Receita Federal do Brasil)
ISG FSX v1.7 (HKLM-x32\...\ISGv1.7_is1) (Version:  - SimMarket)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Just Flight - Air Hauler (HKLM-x32\...\{EF11FC33-6C4D-4AF3-8ECB-5D1917E0AEC1}) (Version: 1.00.0000 - Just Flight Ltd)
K-Lite Codec Pack 5.9.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.9.0 - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Level-D 767-300 for FSX (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\Level-D 767-300 for FSX) (Version:  - )
LGMT scenery for FSX (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\LGMT scenery for FSX) (Version:  - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Majestic MJC8Q400 (HKLM-x32\...\MJC8Q400) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 4.0.44 (HKLM-x32\...\ManyCam) (Version: 4.0.44 - Visicom Media Inc.)
MapMart Data Discovery (HKLM-x32\...\{56B25106-8FCF-480A-804E-8522A4519F9E}) (Version: 1.2.9 - MapMart)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation)
Microsoft Expression Web (HKLM-x32\...\WebDesigner) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Flight Simulator 2004 Autogen SDK (HKLM-x32\...\{6C47FC43-571A-424D-B2C2-DE10D48E2371}) (Version: 1.00.0000 - Microsoft)
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{4847BBB9-EADD-4C92-90BF-4223B0892FF6}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Flight Simulator X SP2 SDK (HKLM-x32\...\{22183FFB-C8A7-4740-847A-DD2FAE27B4F3}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft Virtual PC 2007 SP1 (HKLM\...\{AD483998-2E9A-4405-83FF-6E503AF49CBB}) (Version: 6.0.192.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Monitor da tecnologia Intel® Turbo Boost (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.5 - Intel)
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.011 - MSI)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NHL Eastside Hockey Manager 2007 (HKLM-x32\...\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}) (Version: 3.0.0 - SEGA)
NVIDIA Photoshop Plug-ins (HKLM-x32\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 8.50 - )
OMSI - Der Omnibussimulator (HKLM-x32\...\{9AE850A4-B89D-4875-A159-B1B64D717EFB}) (Version: 1.01 - aerosoft)
OMSI Addon Manager version 1.2.4 (HKLM-x32\...\{32B08666-1587-435D-988C-7958A04B218A}_is1) (Version: 1.2.4 - Jan Kiesewalter)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open Clouds (HKLM-x32\...\{4AC58A68-8485-4F70-BC25-34BB50AD0B30}) (Version: 1.16.0 - FSopen.co.uk)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
OverlayEditor (HKLM-x32\...\OverlayEditor) (Version: 2.24 - Jonathan Harris <x-plane@marginal.org.uk>)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.783 - Raxco Software Inc.)
PlayClaw (HKLM-x32\...\PlayClaw) (Version: 2.1.0.1502 - Sytexis Software)
PlayClaw 3 (HKLM-x32\...\PlayClaw_is1) (Version: 3 - )
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
Pokki Download Helper (HKU\S-1-5-21-26202434-3474579419-60944970-1000\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.5 - Portforward, LLC)
Prepar3D v2 Professional (HKLM-x32\...\{5DD3CF5D-9573-44A8-9543-D65BED953192}) (Version: 2.2.10437.0 - Lockheed Martin)
Prepar3D v2 Professional (x32 Version: 2.0.9448.0 - Lockheed Martin) Hidden
Prepar3D v2 SDK 2.0.9448.0 (HKLM-x32\...\{D4943829-5AAD-480C-82EF-39211F53DC76}) (Version: 2.0.9448.0 - Lockheed Martin)
Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
PSPPContent (x32 Version: 15.2.0.12 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
PSPPro64 (Version: 15.0.0.183 - Corel Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 2.6.2 (64-bit) (HKLM\...\{24aab420-4e30-4496-9739-3e216f3de6af}) (Version: 2.6.2150 - Python Software Foundation)
QGIS Dufour 2.0.1 Dufour (HKLM\...\QGIS Dufour) (Version:  - QGIS Development Team)
Quantum GIS Lisboa 1.8.0 Lisboa (HKLM-x32\...\Quantum GIS Lisboa) (Version:  - QGIS Development Team)
Quick 3D Cover 2.0.1 (HKLM-x32\...\Quick 3D Cover_is1) (Version:  - Nervepreserve.com)
Real Environment Xtreme + Overdrive (HKLM-x32\...\{256FA569-AAAA-43D5-B1D8-57406A9D3A9A}) (Version: 2.5.2010.1027 - Real Environment Simulations, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6299 - Realtek Semiconductor Corp.)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.04 - Serpro - Serviço Federal de Processamento de Dados)
Recuva (HKLM\...\Recuva) (Version: 1.46 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
REX Auto Update (HKLM-x32\...\REX Auto Update 1.0.2014.0603) (Version: 1.0.2014.0603 - REX Game Studios, LLC.)
REX Auto Update (x32 Version: 1.0.2014.0603 - REX Game Studios, LLC.) Hidden
REX Essential Plus Overdrive (HKLM-x32\...\{10D69816-2FA2-4071-A45E-2EC182FA2A7D}) (Version: 3.5.2012.1029 - REX Game Studios, LLC.)
SBuilderX313 (HKLM-x32\...\{E947C6F0-20AD-4A8F-823F-ADC1251FBE45}) (Version: 3.1.3 - PTSim)
SceneGenX Update (HKLM-x32\...\{F39597BE-661E-4985-9849-B4F394983E4C}) (Version: 1.1.61 - Thomas Hiscox)
SceneryConfigEditor v1.1.0 (remove only) (HKLM-x32\...\SceneryConfigEditor) (Version:  - )
SceneryTech Africa Landclass v1.0 (HKLM-x32\...\{DA17C501-E443-4371-873C-3C79373A2E33}) (Version: 1.0 - SceneryTech)
SceneryTech Europe Landclass v1.1 (HKLM-x32\...\{83FC981A-5557-4A2D-9C36-ED133DC5BFB9}) (Version: 1.1 - SceneryTech)
SceneryTech Indo-Pacific Landclass v1.0 (HKLM-x32\...\{EFF0D84D-C49A-461E-BC21-D6ED8B2C0D5D}) (Version: 1.0 - SceneryTech)
SceneryTech North America Landclass v1.4 (HKLM-x32\...\{E91C757A-854C-4057-A67D-7FAE297B2016}) (Version: 1.4 - SceneryTech)
SceneryTech South America Landclass v1.0 (HKLM-x32\...\{0DC9C45C-966C-488D-B97E-5C68E161CDCC}) (Version: 1.0 - SceneryTech)
Seamless Texture Creator 2.0 (HKLM-x32\...\Seamless Texture Creator_is1) (Version:  - EArt Media Software)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Setup (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Setup Factory 9 (HKLM-x32\...\Setup Factory 9) (Version: 9.0.4.0 - Indigo Rose Corporation)
Sky Simulations - MD-11 for FSX - N537JB (HKLM-x32\...\Sky Simulations - MD-11 for FSX - N537JB) (Version:  - )
Sky Simulations - MD-11 SP1 for FSX - N537JB (HKLM-x32\...\Sky Simulations - MD-11 SP1 for FSX - N537JB) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Noise Reduction Plug-In 2.0h (HKLM-x32\...\{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}) (Version: 2.0.451 - Sony)
Sony Sound Forge 9.0 (HKLM-x32\...\{4AEA9A23-D627-4699-8A0F-FC474308C2E6}) (Version: 9.0.441 - Sony)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steering wheel (HKLM-x32\...\{FFE5AA19-FE65-43C5-B021-BEF78A9358CE}) (Version: 1.00.0000 - MyPower)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
TOPCAT 2.70 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.70 - FlightSimSoft.com Inh. Christian Grill)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
Train Simulator 2013 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Vegas Pro 9.0 (64-bit) (HKLM\...\{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}) (Version: 9.0.895 - Sony)
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
VIRTUALI Addon ManagerX FSX (HKLM-x32\...\VIRTUALI Addon ManagerX FSX_is1) (Version: 2.9.0.24 - VIRTUALI Sagl)
VIRTUALI Addon ManagerX P3D v2.x (HKLM-x32\...\VIRTUALI Addon ManagerX P3D v2.x_is1) (Version: 2.9.0.24 - VIRTUALI Sagl)
Visual Batch (HKLM-x32\...\Visual Batch) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
V-Ray for 3dsmax 2013 for x64 (HKLM\...\V-Ray for 3dsmax 2013 for x64) (Version: 2.30.01 - Chaos Software Ltd)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-26202434-3474579419-60944970-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-26202434-3474579419-60944970-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-26202434-3474579419-60944970-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-26202434-3474579419-60944970-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

08-01-2015 07:49:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 00:34 - 2015-01-06 10:08 - 00000996 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0    ib.pixadsserve.com
0.0.0.0    www.pixadsserve.com
0.0.0.0 www.allvoices.com
0.0.0.0 www.deletebloodcancer.org
0.0.0.0 www.tasgames.com
0.0.0.0 user-disp.tidaltv.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12938271-A0E4-489D-8A36-AC25E93D24FF} - System32\Tasks\REX Software Update for Auto Update => I:\REX Auto Update\updater.exe [2014-06-03] (REX Game Studios, LLC.)
Task: {14128180-BF79-41E5-B1E1-D47FA1E3D5E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.)
Task: {1AD5A7AE-A267-4A97-B3D6-2A962E3796D2} - \Baidu Antivirus Update No Task File <==== ATTENTION
Task: {1AF3DC26-05BA-4A4E-A778-7942798FDF1E} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {1FAE140C-FAA9-4FEC-9DC0-BF48A1BEE666} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-7 No Task File <==== ATTENTION
Task: {38ECA034-3D80-4D36-BC94-797A2A422331} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01] (Google Inc.)
Task: {3CAC78CB-A22F-4546-86D7-B2E33F0A6881} - System32\Tasks\{7519310D-ADA8-464B-9460-2A35968B0B7B} => I:\3dsmax7\3dsmax.exe
Task: {47325F05-1930-450C-B861-320046ABE2BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01] (Google Inc.)
Task: {47418483-3F16-4BFE-87AF-4FE5EBE399CC} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {4B0C4525-7B0F-4FF2-8616-7C2F082FE9CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {562AE491-C525-4C3B-A86F-6C5E9216F840} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-6 No Task File <==== ATTENTION
Task: {59CBEC77-764D-4E9F-8436-03861E531450} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core => C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5DDB8DD0-13A7-4710-A0FF-AA7AC12D09AA} - System32\Tasks\{3B55FBED-7D52-4E2D-BEE5-D08E8E0E729D} => pcalua.exe -a "I:\SimCity 4 Deluxe\EAUninstall.exe"
Task: {5E3B59D4-B9F3-4EAA-A51F-63CC7057DAAD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA => C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {623B62BC-8FCB-4B8E-8452-A3FA56B6AE67} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-4 No Task File <==== ATTENTION
Task: {623DC4D8-C7DA-4B0F-A50C-F9522FD286C9} - System32\Tasks\{92001B4A-1C9A-4FFC-8644-50EA1E807EBA} => pcalua.exe -a "F:\download\fsbuild\FSBuild 2.0\Setup.exe" -d "F:\download\fsbuild\FSBuild 2.0"
Task: {7C4A1247-7B44-42B3-ADC8-0BEA25595AAC} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-5_user No Task File <==== ATTENTION
Task: {90BB8682-41F2-47ED-A8CF-1CC927585F9A} - System32\Tasks\{AB6F767C-3AB4-4634-B97F-2A7DD92CCAAB} => I:\3dsmax7\3dsmax.exe
Task: {95243302-8D49-426F-9568-21BCDA0EEF10} - \9a8dac4d-982c-490e-bbe9-07661ae40d70-3 No Task File <==== ATTENTION
Task: {AA84527D-09FB-4F23-AA55-63E017993F53} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-2 No Task File <==== ATTENTION
Task: {AC258C73-D041-4F41-9654-6460C5DFBB90} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-1 No Task File <==== ATTENTION
Task: {B6E3FDC3-0E54-44CE-96B4-70CCF9DF26DD} - System32\Tasks\TPNY => C:\Users\Marcos\AppData\Roaming\TPNY.exe <==== ATTENTION
Task: {BEE8CBA6-12BD-4205-891C-223750D41D8E} - System32\Tasks\EKS => C:\Users\Marcos\AppData\Roaming\EKS.exe <==== ATTENTION
Task: {C0BBA509-B231-4977-96D6-96F0FFB134FF} - \abcdf4dd-1c53-4ad7-ba02-54eed677f16f-5 No Task File <==== ATTENTION
Task: {DBBAA81A-D9D2-4885-B652-A03E2B3A42FE} - \SPBIW_UpdateTask_Time_333939353434333836392d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {FDD47F74-A877-4EA6-9B33-A4FBD7B42BFB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.)
Task: C:\Windows\Tasks\EKS.job => C:\Users\Marcos\AppData\Roaming\EKS.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core.job => C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA.job => C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000Core.job => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26202434-3474579419-60944970-1000UA.job => C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\TPNY.job => C:\Users\Marcos\AppData\Roaming\TPNY.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-02-29 09:48 - 2009-11-05 09:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2012-04-06 22:44 - 2012-04-06 22:44 - 00002560 _____ () C:\Windows\runservice.exe
2011-09-14 20:19 - 2011-09-14 20:19 - 00086016 _____ () I:\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
2012-02-09 12:16 - 2005-09-21 15:13 - 00065536 _____ () C:\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe
2014-06-29 12:21 - 2014-06-29 12:21 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2012-02-09 01:16 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-04-06 22:44 - 2012-04-06 22:44 - 00048640 _____ () C:\Windows\mmfs.dll
2014-11-20 13:44 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2014-12-04 21:25 - 2014-12-04 21:25 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-02 19:31 - 2015-01-02 19:31 - 00133120 _____ () C:\Users\Marcos\AppData\Roaming\dvmlqicl\colers.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\System32:9129AF6F_Bb.gbp
AlternateDataStreams: C:\ProgramData\TEMP:64217CD0
AlternateDataStreams: C:\ProgramData\TEMP:74603393
AlternateDataStreams: C:\Users\Marcos\Documents\FM Genie Scout 13g.eml:OECustomProperty
AlternateDataStreams: C:\Users\Marcos\Documents\FMRTE - FM13 (License Key).eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Google Update => "C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: PoivY => "C:\Program Files (x86)\PoivY\PoivY.exe" -nosplash -minimized
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

========================= Accounts: ==========================

Administrator (S-1-5-21-26202434-3474579419-60944970-500 - Administrator - Disabled)
fbwuser (S-1-5-21-26202434-3474579419-60944970-1005 - Limited - Disabled) => C:\Users\fbwuser
Guest (S-1-5-21-26202434-3474579419-60944970-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-26202434-3474579419-60944970-1002 - Limited - Enabled)
Marcos (S-1-5-21-26202434-3474579419-60944970-1000 - Administrator - Enabled) => C:\Users\Marcos

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2015 09:52:41 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (01/08/2015 09:49:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/08/2015 08:58:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fm.exe, version: 15.2.1.0, time stamp: 0x548f21aa
Faulting module name: fm.exe, version: 15.2.1.0, time stamp: 0x548f21aa
Exception code: 0xc0000005
Fault offset: 0x00e43f06
Faulting process id: 0x2834
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3

Error: (01/07/2015 10:54:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17784

Error: (01/07/2015 10:54:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17784

Error: (01/07/2015 10:54:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/07/2015 10:54:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16786

Error: (01/07/2015 10:54:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16786

Error: (01/07/2015 10:54:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/07/2015 10:54:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15772


System errors:
=============
Error: (01/04/2015 07:51:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The YTDUpdt service failed to start due to the following error:
%%2

Error: (01/04/2015 07:50:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hotspot Shield Monitoring Service service failed to start due to the following error:
%%2

Error: (01/04/2015 07:50:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hotspot Shield Service service failed to start due to the following error:
%%2

Error: (01/04/2015 06:55:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The YTDUpdt service failed to start due to the following error:
%%2

Error: (01/04/2015 06:55:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hotspot Shield Monitoring Service service failed to start due to the following error:
%%2

Error: (01/04/2015 06:55:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hotspot Shield Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/20/2013 02:52:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 20, Application Name: Microsoft Expression Web, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2201 seconds with 360 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-07-17 18:39:27.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.280
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.140
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:27.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:26.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 18:39:26.533
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-03-21 09:17:09.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Marcos\AppData\Local\Temp\mc23F0F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 27%
Total physical RAM: 8172.5 MB
Available physical RAM: 5932.71 MB
Total Pagefile: 16343.15 MB
Available Pagefile: 13556.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:28.05 GB) NTFS
Drive f: (HD500) (Fixed) (Total:407.17 GB) (Free:8.73 GB) NTFS
Drive g: (HD500P2) (Fixed) (Total:58.59 GB) (Free:2.74 GB) NTFS
Drive i: (Win8) (Fixed) (Total:465.76 GB) (Free:13.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0671E06B)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 693FA74E)
Partition 1: (Not Active) - (Size=407.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 15CA3F5A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Thanks again.

Link to post
Share on other sites

FRST.gif Fix with Farbar Recovery Scan Tool
 


icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.