Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I now have a problem with slow keyboard typing [Closed]


  • This topic is locked This topic is locked

#1
swampwiz

swampwiz

    New Member

  • Member
  • Pip
  • 1 posts

This just started happening.  I should say that while surfing the 'net a few days ago, I got to a webpage that showed as the FBI MoneyGram virus that I managed to stop by simply terminating the browser application.  I have not seen anything like the total contol of the desktop that seems ot be associated with this virus.  Upon perusing some websites about this, I decided to install SpyHunter 4, which I now know to have been a mistake, and have since uninstalled it.  It seemed like it was only after this uninstallation that I began to notice problems with the keyboard problems with a side problem being that I could not type 'c' or 'h' - nor save the file (it said there was not enough memory) for a little while in Notepad until I terminated that.

 

Reading up on some threads at this forum, I went ahead and ran the OTL application, and have the results.  Thanks in advance for anyone's assistance.

 

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

 

OTL.Txt:

 

OTL logfile created on: 2015-01-02 20:09:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\_ DOWNLOADS
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
 
3.97 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 14.88% Memory free
7.93 Gb Paging File | 4.00 Gb Available in Paging File | 50.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 85.16 Gb Free Space | 36.57% Space Free | Partition Type: NTFS
Drive D: | 218.23 Gb Total Space | 114.47 Gb Free Space | 52.46% Space Free | Partition Type: NTFS
Drive G: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 1863.01 Gb Total Space | 137.15 Gb Free Space | 7.36% Space Free | Partition Type: NTFS
Drive J: | 930.86 Gb Total Space | 318.06 Gb Free Space | 34.17% Space Free | Partition Type: NTFS
Drive L: | 930.86 Gb Total Space | 183.46 Gb Free Space | 19.71% Space Free | Partition Type: NTFS
 
Computer Name: JEAN-PC | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015-01-02 20:08:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\_ DOWNLOADS\OTL.exe
PRC - [2014-12-16 12:04:48 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014-12-16 12:03:11 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014-12-16 12:03:10 | 000,702,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014-12-11 15:10:28 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014-12-09 18:53:47 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
PRC - [2014-11-20 14:13:32 | 000,126,200 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014-11-20 14:13:28 | 000,166,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014-11-14 19:59:22 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014-11-09 21:57:40 | 003,488,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2014-11-09 21:56:14 | 003,653,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2014-11-09 21:49:56 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014-08-13 00:44:16 | 009,837,056 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
PRC - [2014-08-13 00:44:16 | 009,828,864 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
PRC - [2014-07-04 10:55:34 | 016,427,384 | ---- | M] (magicJack L.P.) -- C:\Users\Jean\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2014-05-23 12:09:00 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014-05-23 12:06:20 | 001,852,264 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
PRC - [2014-05-08 07:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-12-06 08:47:20 | 001,229,528 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013-12-06 08:47:20 | 000,662,232 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2013-12-06 08:47:18 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013-09-24 14:02:59 | 000,441,408 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013-08-26 14:33:22 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\node.exe
PRC - [2013-08-26 14:33:22 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe
PRC - [2013-03-02 18:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
PRC - [2011-12-16 03:21:10 | 001,687,968 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
PRC - [2009-07-24 00:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009-07-23 07:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
PRC - [2009-04-23 11:24:44 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009-04-01 11:05:34 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2008-12-22 07:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008-08-13 10:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008-08-13 10:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008-08-13 06:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2007-11-30 01:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-12-11 15:10:23 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014-12-09 18:53:46 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
MOD - [2014-10-18 22:45:21 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\5e84979fadb7eb63caedea9f4acefcc9\System.Data.Linq.ni.dll
MOD - [2014-10-18 22:44:11 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014-10-18 22:44:09 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\4df6733efc348c009a4a6e0adccc42a6\PresentationFramework-SystemData.ni.dll
MOD - [2014-10-18 22:06:25 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll
MOD - [2014-10-18 22:05:52 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014-10-18 22:05:40 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014-10-17 19:31:20 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014-10-17 19:31:19 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014-10-17 19:31:17 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014-10-17 19:30:32 | 013,643,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\d12ecb88500237067aa30b40081d51b7\System.Web.ni.dll
MOD - [2014-10-17 17:46:41 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014-10-17 17:46:03 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014-10-17 17:45:57 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014-10-17 17:45:40 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014-10-17 17:45:38 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014-10-17 17:45:37 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014-10-17 17:45:30 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014-10-17 17:45:15 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014-10-17 17:45:14 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014-10-17 17:44:59 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014-10-17 17:44:47 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014-10-17 17:44:39 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll
MOD - [2014-10-17 17:44:37 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014-08-12 23:27:44 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
MOD - [2014-07-29 03:34:32 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
MOD - [2014-07-04 11:00:12 | 000,084,344 | ---- | M] () -- C:\Users\Jean\AppData\Roaming\mjusbsp\octvqem_apiw.dll
MOD - [2014-03-01 02:41:48 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014-02-28 20:07:25 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013-07-15 11:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009-07-24 00:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2007-11-30 01:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-11-21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-09-26 10:50:48 | 000,088,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2013-05-26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013-03-02 20:18:16 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2013-01-17 06:23:56 | 000,292,736 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2011-12-15 01:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011-12-15 01:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011-12-15 01:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2007-08-07 14:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2014-12-16 12:04:48 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014-12-16 12:03:30 | 000,992,560 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014-12-16 12:03:11 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014-12-11 15:10:25 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-12-09 18:53:48 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-11-20 14:13:28 | 000,166,192 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014-11-09 21:57:40 | 003,488,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014-11-09 21:49:56 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014-05-23 12:09:00 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014-05-08 07:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014-04-09 07:12:50 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV - [2014-03-20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013-12-06 08:47:20 | 001,229,528 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013-12-06 08:47:20 | 000,662,232 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013-09-11 14:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013-08-26 14:33:22 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013-07-24 23:24:42 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-04-25 08:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2013-03-02 18:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012-11-24 20:13:12 | 000,821,720 | ---- | M] (Mister Group) [On_Demand | Stopped] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService)
SRV - [2009-07-23 07:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -- (FastBootAgent)
SRV - [2008-08-13 10:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015-01-02 02:45:35 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014-10-30 06:31:04 | 000,027,552 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2014-10-29 21:35:16 | 000,263,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014-10-09 05:16:17 | 000,131,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014-10-09 05:16:16 | 000,119,272 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014-10-05 20:41:40 | 000,124,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014-08-28 20:47:24 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014-08-15 12:54:56 | 001,670,784 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw72DTV.sys -- (hcw72DTV)
DRV:64bit: - [2014-08-15 12:53:26 | 001,668,352 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw72ATV.sys -- (hcw72ATV)
DRV:64bit: - [2014-08-15 12:52:16 | 000,038,656 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw72ADFilter.sys -- (hcw72ADFilter)
DRV:64bit: - [2014-07-18 14:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014-06-18 20:03:34 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014-06-18 20:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014-06-18 20:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014-02-26 04:09:04 | 000,204,032 | ---- | M] (WinISO.com) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WinisoCDBus.sys -- (WinisoCDBus)
DRV:64bit: - [2013-12-06 08:47:12 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013-11-25 19:21:27 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013-11-13 11:42:00 | 000,039,576 | ---- | M] (wj32) [Kernel | On_Demand | Stopped] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV:64bit: - [2013-10-13 18:32:21 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013-10-11 16:43:28 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2013-10-11 16:15:58 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2013-10-11 16:15:44 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-10-11 02:48:36 | 000,073,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcdriver.sys -- (hcdriver)
DRV:64bit: - [2013-09-14 00:24:26 | 000,143,096 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SIVX64.sys -- (SIVDriver)
DRV:64bit: - [2013-07-11 01:25:54 | 000,380,680 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012-03-01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-10 21:59:34 | 000,334,936 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0200.sys -- (RsFx0200)
DRV:64bit: - [2011-03-11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-02-02 14:05:26 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2010-02-02 14:05:26 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2010-01-26 20:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009-12-01 12:19:16 | 000,649,472 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009-12-01 12:18:32 | 000,617,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009-09-15 09:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009-07-13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 14:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009-06-10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-05-06 06:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010-02-02 14:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010-02-02 14:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009-08-28 01:26:52 | 000,022,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DScaler\DSDrv4amd64.sys -- (DSDrv4AMD64)
DRV - [2009-07-13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3001965132-3898090023-1802478263-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3001965132-3898090023-1802478263-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3001965132-3898090023-1802478263-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKU\S-1-5-21-3001965132-3898090023-1802478263-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: autoformer2%40mozilla.org:1.1.0
FF - prefs.js..extensions.enabledAddons: %7B0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3%7D:2.0.6
FF - prefs.js..extensions.enabledAddons: %7B5C655500-E712-41e7-9349-CE462F844B19%7D:1.0
FF - prefs.js..extensions.enabledAddons: fasttrans%40kemot:1.10.2
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.14.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.3
FF - prefs.js..extensions.enabledAddons: bartap%40philikon.de:2.1b2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo Limited)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\VDOWNLOADER\ADDONS\FIREFOX [2013-10-12 20:53:19 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 25.1.0\extensions\\Components: C:\PROGRAM FILES\PALE MOON\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 25.1.0\extensions\\Plugins: C:\PROGRAM FILES\PALE MOON\PLUGINS [2014-09-12 16:23:45 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 30.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 30.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS [2014-09-12 16:23:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files (x86)\K-Meleon\Plugins [2014-09-11 20:07:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files (x86)\K-Meleon\Components [2013-10-13 06:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014-12-11 15:10:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014-12-11 15:10:09 | 000,000,000 | ---D | M]
 
[2013-10-11 17:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Extensions
[2014-12-26 19:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions
[2014-09-06 17:21:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014-12-11 17:02:22 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\[email protected]
[2014-04-13 01:29:36 | 000,000,000 | ---D | M] (Fast Translation) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\[email protected]
[2014-05-14 16:58:17 | 000,947,620 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\[email protected]
[2013-10-15 07:51:51 | 000,031,289 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\[email protected]
[2014-11-15 11:51:28 | 000,024,057 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\[email protected]
[2014-11-26 00:41:14 | 000,790,654 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\[email protected]
[2014-12-18 19:42:21 | 000,590,847 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\[email protected]
[2013-10-15 07:51:50 | 000,020,628 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
[2014-10-21 19:09:36 | 000,537,656 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013-10-15 07:51:50 | 000,151,038 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2014-12-26 19:42:12 | 000,544,302 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014-07-23 14:21:11 | 000,017,150 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi
[2014-11-12 10:37:17 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014-12-22 19:42:08 | 000,029,104 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\{d4e0dc9c-c356-438e-afbe-dca439f4399d}.xpi
[2014-10-29 18:12:50 | 000,304,000 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014-06-10 15:40:58 | 000,001,874 | ---- | M] () -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2x29j681.default\searchplugins\duckduckgo.xml
[2014-12-11 15:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014-12-11 15:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014-12-11 15:10:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014-07-28 05:09:22 | 000,186,912 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljapbgkmlngdpckoiiibecpemleclhh\1.2_0\
CHR - Extension: No name found = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.18.17_0\
CHR - Extension: No name found = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009-06-10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3001965132-3898090023-1802478263-1000..\Run: [cdloader] C:\Users\Jean\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3001965132-3898090023-1802478263-1000..\Run: [Process Hacker 2] C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32)
O4 - HKU\S-1-5-21-3001965132-3898090023-1802478263-1000..\Run: [qBittorrent] C:\Program Files (x86)\qBittorrent\qbittorrent.exe ()
O4 - HKU\S-1-5-21-3001965132-3898090023-1802478263-1000..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3001965132-3898090023-1802478263-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28897DA9-1DC3-4BC5-9DCE-D7F6F4E2A261}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA7137A8-9ED2-4D96-91B3-DE72362D084A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015-01-01 12:15:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-06-18 15:12:18 | 000,000,088 | ---- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009-06-18 15:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{05102f6e-5689-11e3-9af1-90e6ba1db718}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{05102f6e-5689-11e3-9af1-90e6ba1db718}\Shell\phone\command - "" = F:\autorun.exe
O33 - MountPoints2\{0d9c9f29-87b5-11e4-8be2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0d9c9f29-87b5-11e4-8be2-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{0d9c9f32-87b5-11e4-8be2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0d9c9f32-87b5-11e4-8be2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009-08-17 11:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\{16b48840-639a-11e4-a986-90e6ba3aa19e}\Shell - "" = AutoRun
O33 - MountPoints2\{16b48840-639a-11e4-a986-90e6ba3aa19e}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009-08-17 11:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\{16b4885f-639a-11e4-a986-90e6ba3aa19e}\Shell - "" = AutoRun
O33 - MountPoints2\{16b4885f-639a-11e4-a986-90e6ba3aa19e}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6ee6bb41-3eba-11e3-b834-90e6ba1db718}\Shell - "" = AutoRun
O33 - MountPoints2\{6ee6bb41-3eba-11e3-b834-90e6ba1db718}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6ee6bb45-3eba-11e3-b834-90e6ba1db718}\Shell - "" = AutoRun
O33 - MountPoints2\{6ee6bb45-3eba-11e3-b834-90e6ba1db718}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009-08-17 11:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\{6ee6bb72-3eba-11e3-b834-90e6ba1db718}\Shell - "" = AutoRun
O33 - MountPoints2\{6ee6bb72-3eba-11e3-b834-90e6ba1db718}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6ee6bb7e-3eba-11e3-b834-90e6ba1db718}\Shell - "" = AutoRun
O33 - MountPoints2\{6ee6bb7e-3eba-11e3-b834-90e6ba1db718}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009-08-17 11:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\{7322162b-78bd-11e3-98e7-90e6ba3aa19e}\Shell - "" = AutoRun
O33 - MountPoints2\{7322162b-78bd-11e3-98e7-90e6ba3aa19e}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009-08-17 11:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\{7322162d-78bd-11e3-98e7-90e6ba3aa19e}\Shell - "" = AutoRun
O33 - MountPoints2\{7322162d-78bd-11e3-98e7-90e6ba3aa19e}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{749f377b-814d-11e4-b70a-90e6ba3aa19e}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{749f377b-814d-11e4-b70a-90e6ba3aa19e}\Shell\phone\command - "" = H:\autorun.exe
O33 - MountPoints2\{9c062baa-925f-11e4-8fa2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c062baa-925f-11e4-8fa2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009-08-17 11:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\{9c062bb0-925f-11e4-8fa2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c062bb0-925f-11e4-8fa2-806e6f6e6963}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- [2009-08-17 11:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\{b8be37b8-8d41-11e4-8a45-90e6ba3aa19e}\Shell - "" = AutoRun
O33 - MountPoints2\{b8be37b8-8d41-11e4-8a45-90e6ba3aa19e}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b8be37ca-8d41-11e4-8a45-90e6ba3aa19e}\Shell - "" = AutoRun
O33 - MountPoints2\{b8be37ca-8d41-11e4-8a45-90e6ba3aa19e}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009-08-17 11:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\{c73e7de4-78b9-11e4-b6bf-90e6ba3aa19e}\Shell - "" = AutoRun
O33 - MountPoints2\{c73e7de4-78b9-11e4-b6bf-90e6ba3aa19e}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{c73e7dec-78b9-11e4-b6bf-90e6ba3aa19e}\Shell - "" = AutoRun
O33 - MountPoints2\{c73e7dec-78b9-11e4-b6bf-90e6ba3aa19e}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009-08-17 11:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\{ecf6aa1d-355f-11e3-93b5-90e6ba1db718}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{ecf6aa1d-355f-11e3-93b5-90e6ba1db718}\Shell\phone\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009-08-17 11:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- [2009-08-17 11:53:00 | 002,770,432 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015-01-01 05:01:06 | 000,000,000 | ---D | C] -- C:\Users\Jean\Desktop\RK_Quarantine
[2014-12-23 13:18:09 | 000,000,000 | ---D | C] -- C:\Users\Jean\Desktop\_ COUPONS
[2014-12-11 15:10:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014-12-11 03:36:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014-12-09 18:12:53 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Avg_Update_1214av
[2014-12-09 18:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_1214av
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015-01-02 20:05:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015-01-02 19:53:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015-01-02 18:39:19 | 000,000,950 | ---- | M] () -- C:\Users\Jean\Desktop\magicJack.lnk
[2015-01-02 18:05:36 | 000,031,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015-01-02 18:05:36 | 000,031,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015-01-02 17:52:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015-01-02 17:51:21 | 3193,884,672 | -HS- | M] () -- C:\hiberfil.sys
[2015-01-02 17:22:38 | 000,017,888 | ---- | M] () -- C:\Users\Jean\Desktop\Untitled 1.odt
[2015-01-02 12:02:06 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2015-01-02 03:29:02 | 000,919,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015-01-02 03:29:02 | 000,758,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015-01-02 03:29:02 | 000,160,222 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015-01-02 02:45:35 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015-01-01 15:20:13 | 001,640,622 | ---- | M] () -- C:\Users\Jean\Documents\USBOblivion-64-JEAN-PC-150101-152002.reg
[2015-01-01 12:15:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014-12-28 21:20:49 | 000,018,025 | ---- | M] () -- C:\Users\Jean\Desktop\accounts.ods
[2014-12-28 16:49:20 | 000,013,945 | ---- | M] () -- C:\Users\Jean\Desktop\Bag Comparison.ods
[2014-12-19 12:08:31 | 002,214,946 | ---- | M] () -- C:\Users\Jean\Documents\USBOblivion-64-JEAN-PC-141219-120821.reg
[2014-12-15 14:01:01 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015-01-02 17:22:32 | 000,017,888 | ---- | C] () -- C:\Users\Jean\Desktop\Untitled 1.odt
[2015-01-01 15:20:02 | 001,640,622 | ---- | C] () -- C:\Users\Jean\Documents\USBOblivion-64-JEAN-PC-150101-152002.reg
[2015-01-01 12:15:57 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014-12-27 11:27:14 | 000,013,945 | ---- | C] () -- C:\Users\Jean\Desktop\Bag Comparison.ods
[2014-12-19 12:08:21 | 002,214,946 | ---- | C] () -- C:\Users\Jean\Documents\USBOblivion-64-JEAN-PC-141219-120821.reg
[2014-12-15 14:01:01 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014-11-30 13:57:35 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2014-11-30 13:57:33 | 000,000,401 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2014-11-30 13:51:42 | 000,038,194 | ---- | C] () -- C:\Windows\Irremote.ini
[2014-11-30 13:49:27 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2014-11-30 13:45:02 | 000,004,654 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2014-11-08 14:42:56 | 003,211,264 | ---- | C] () -- C:\Users\Jean\WAStorageEmulatorDb33.mdf
[2014-11-08 14:42:56 | 000,851,968 | ---- | C] () -- C:\Users\Jean\WAStorageEmulatorDb33_log.ldf
[2014-08-03 12:53:32 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\SSIPDDP.SYS
[2013-10-29 16:21:17 | 000,007,596 | ---- | C] () -- C:\Users\Jean\AppData\Local\Resmon.ResmonCfg
[2013-10-17 23:03:06 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013-10-12 20:53:19 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2013-10-11 14:29:00 | 000,911,722 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009-07-13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-06-24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-06-24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-10-18 23:22:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013-10-18 23:22:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013-10-13 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Ad-Aware Antivirus
[2014-12-20 20:54:09 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Audacity
[2014-10-16 08:49:41 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Auslogics
[2013-11-25 20:57:59 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\AVAST Software
[2014-11-19 09:41:02 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\AVG2015
[2014-12-09 18:12:55 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Avg_Update_1214av
[2014-12-17 02:36:31 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\avidemux
[2014-05-02 16:39:02 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\BatteryBar
[2014-07-02 03:39:24 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\calibre
[2013-10-11 20:19:41 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Canneverbe Limited
[2014-06-27 15:28:56 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Digiarty
[2013-10-11 18:36:28 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Dropbox
[2013-10-23 06:52:02 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\DScaler4
[2013-10-11 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Foxit Software
[2013-10-12 14:39:06 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\freac
[2014-07-26 15:52:27 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Gui4Cli
[2014-07-26 15:06:21 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\HandBrake
[2013-10-14 07:33:34 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\HeidiSQL
[2014-05-02 13:42:40 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Hulubulu
[2014-11-08 14:10:27 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\JGsoft
[2013-10-11 17:05:02 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\K-Meleon
[2013-10-14 07:27:02 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\KompoZer
[2013-12-07 20:26:31 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Locate32
[2013-10-12 16:05:44 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\LockHunter
[2013-10-11 14:52:57 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Lunascape
[2015-01-02 18:39:23 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\mjusbsp
[2013-10-12 17:05:37 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Moonchild Productions
[2013-10-17 08:49:13 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Notepad++
[2014-11-12 21:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\OfficeRecovery
[2013-10-13 08:04:23 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\OpenOffice
[2013-10-11 14:50:31 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Opera Software
[2014-05-11 00:09:43 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Oracle
[2013-11-06 19:59:04 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\PhotoScape
[2014-11-08 08:33:16 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\PicPick
[2013-10-22 11:06:10 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Process Hacker 2
[2013-10-11 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\ProXoft
[2013-10-14 06:51:57 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\PyScripter
[2014-09-30 16:57:36 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\qBittorrent
[2013-10-11 17:15:29 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\skychart
[2013-10-11 18:50:13 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Softland
[2014-05-29 15:43:10 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Stellarium
[2013-10-14 07:31:07 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Telerik
[2014-11-06 08:25:17 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\TeraCopy
[2014-11-13 09:44:42 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\tixati
[2013-10-15 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\TuneUp Software
[2014-05-12 07:38:05 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\uTorrent
[2013-10-12 20:55:42 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\VDownloader
[2014-12-06 09:13:38 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\WinFF
[2014-05-13 12:37:37 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\WinISO Computing
[2014-09-08 13:17:50 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\WinMount
[2013-10-11 18:11:53 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\WinPatrol
[2013-11-19 23:28:09 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\www.shadowexplorer.com
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013-11-25 19:22:03 | 106,156,080 | ---- | M] ()(C:\Windows\SysWow64\???k) -- C:\Windows\SysWow64\器崠၄k
[2013-11-25 16:27:48 | 106,156,080 | ---- | C] ()(C:\Windows\SysWow64\???k) -- C:\Windows\SysWow64\器崠၄k
[2013-11-10 09:04:28 | 103,467,942 | ---- | M] ()(C:\Windows\SysWow64\???¨) -- C:\Windows\SysWow64\㢂薬၄¨
[2013-11-09 15:05:17 | 103,467,942 | ---- | C] ()(C:\Windows\SysWow64\???¨) -- C:\Windows\SysWow64\㢂薬၄¨
[2013-11-09 04:42:04 | 103,378,319 | ---- | M] ()(C:\Windows\SysWow64\???®) -- C:\Windows\SysWow64\仉ゴ၄®
[2013-11-09 04:42:04 | 103,378,319 | ---- | C] ()(C:\Windows\SysWow64\???®) -- C:\Windows\SysWow64\仉ゴ၄®
[2013-11-04 18:40:23 | 105,017,276 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\煠拱၄
[2013-11-04 18:40:23 | 105,017,276 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\煠拱၄
[2013-10-26 10:08:22 | 103,108,672 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䆪馧၄
[2013-10-25 09:07:55 | 103,108,672 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䆪馧၄
[2013-10-24 00:29:31 | 102,758,948 | ---- | M] ()(C:\Windows\SysWow64\???¤) -- C:\Windows\SysWow64\봂၄¤
[2013-10-24 00:29:31 | 102,758,948 | ---- | C] ()(C:\Windows\SysWow64\???¤) -- C:\Windows\SysWow64\봂၄¤
[2013-10-19 13:44:52 | 101,983,560 | ---- | M] ()(C:\Windows\SysWow64\???¦) -- C:\Windows\SysWow64\臕胎၄¦
[2013-10-18 13:59:41 | 101,983,560 | ---- | C] ()(C:\Windows\SysWow64\???¦) -- C:\Windows\SysWow64\臕胎၄¦
[2013-10-17 14:07:47 | 101,604,844 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\먏┈ང
[2013-10-15 07:49:44 | 101,604,844 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\먏┈ང
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

 

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

 

Extras.Txt
 

OTL Extras logfile created on: 2015-01-02 20:09:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\_ DOWNLOADS
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
 
3.97 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 14.88% Memory free
7.93 Gb Paging File | 4.00 Gb Available in Paging File | 50.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 85.16 Gb Free Space | 36.57% Space Free | Partition Type: NTFS
Drive D: | 218.23 Gb Total Space | 114.47 Gb Free Space | 52.46% Space Free | Partition Type: NTFS
Drive G: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 1863.01 Gb Total Space | 137.15 Gb Free Space | 7.36% Space Free | Partition Type: NTFS
Drive J: | 930.86 Gb Total Space | 318.06 Gb Free Space | 34.17% Space Free | Partition Type: NTFS
Drive L: | 930.86 Gb Total Space | 183.46 Gb Free Space | 19.71% Space Free | Partition Type: NTFS
 
Computer Name: JEAN-PC | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = K-Meleon.HTML] -- C:\Program Files (x86)\K-Meleon\K-Meleon.exe (http://kmeleon.sf.net/)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = K-Meleon.HTML] -- C:\Program Files (x86)\K-Meleon\K-Meleon.exe (http://kmeleon.sf.net/)
 
[HKEY_USERS\S-1-5-21-3001965132-3898090023-1802478263-1000\SOFTWARE\Classes\<extension>]
.html [@ = PaleMoonHTML] -- C:\Program Files\Pale Moon\palemoon.exe (Moonchild Productions)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\K-Meleon\K-Meleon.exe" "%1" (http://kmeleon.sf.net/)
https [open] -- "C:\Program Files (x86)\K-Meleon\K-Meleon.exe" "%1" (http://kmeleon.sf.net/)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [abcAVI Tag Editor] -- "C:\Program Files (x86)\abcAVI\avi_tags.exe" "%1" (Alexander A. Sorkin)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [BWMaxView] -- "C:\Program Files (x86)\FastStone MaxView\MaxView.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Unstopcp] -- "C:\Program Files (x86)\Roadkil.Net\UnstopCpy_5_2_Win2K_UP.exe" "%1" * (Roadkil.Net)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\K-Meleon\K-Meleon.exe" "%1" (http://kmeleon.sf.net/)
https [open] -- "C:\Program Files (x86)\K-Meleon\K-Meleon.exe" "%1" (http://kmeleon.sf.net/)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [abcAVI Tag Editor] -- "C:\Program Files (x86)\abcAVI\avi_tags.exe" "%1" (Alexander A. Sorkin)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [BWMaxView] -- "C:\Program Files (x86)\FastStone MaxView\MaxView.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Unstopcp] -- "C:\Program Files (x86)\Roadkil.Net\UnstopCpy_5_2_Win2K_UP.exe" "%1" * (Roadkil.Net)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{158A3CEB-C7C4-4DFB-9CC0-1D37EE72A165}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe |
"{E6DE471F-AC8F-4A24-B318-874C2A718C7E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B937A2-90D6-494F-9238-37CB8263737A}" = protocol=17 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\9.0\wolframcdfplayer.exe |
"{166E4A5A-A84A-4679-8F37-652045D5C041}" = protocol=17 | dir=in | app=c:\users\jean\appdata\roaming\utorrent\utorrent.exe |
"{262BFDE6-ABE3-49CF-AEFB-5568AD9C27A0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{30579D14-92CA-4A0C-B2E8-BF9301EB5B5B}" = protocol=17 | dir=in | app=c:\users\jean\appdata\roaming\dropbox\bin\dropbox.exe |
"{3EDAE41B-241D-42F2-AD19-9C6B54B464DA}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\tvserver\capturedcr.exe |
"{4D7000B9-2FC2-44B5-AD37-F5B36420EC3A}" = protocol=6 | dir=in | app=c:\users\jean\appdata\roaming\dropbox\bin\dropbox.exe |
"{4E5E8DA9-DE70-4557-A4A9-10B3593009B5}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{5A94D6DB-308D-45AC-8089-0439487F4B91}" = protocol=6 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\9.0\wolframcdfplayer.exe |
"{62776862-1BC2-42CC-8A26-2CB856E5A87B}" = protocol=6 | dir=in | app=c:\users\jean\appdata\roaming\mjusbsp\magicjack.exe |
"{6745961D-4BB7-4141-B94A-72E8877323CC}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{6928A23A-784A-4D30-AD31-EB4DDF0F9C45}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{69330416-CE34-4651-A77F-6A24AD200EEB}" = protocol=17 | dir=in | app=c:\users\jean\appdata\roaming\mjusbsp\magicjack.exe |
"{6FA0826C-2571-45C4-9E83-20306B238BB4}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{72A1E9AB-D5FB-4B8B-B70B-60B78B7E98CC}" = protocol=17 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{72F38340-2F46-4F10-8584-EAC9748E05F2}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{741241FB-DA2C-439A-8C18-297AE2376F9C}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{748CB162-5542-4776-BAE7-FCFA86385E6B}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\tvserver\capturedcr.exe |
"{7CADC34B-169D-4A7C-AAA3-80A6A37B7289}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{89FB1830-E510-4B52-A5AF-5E6783682513}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\tvserver\capturedcr.exe |
"{92C911C1-13B8-496C-A373-40D1D41F5649}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{9D31CD13-6916-4088-AB6C-1FE7D8A9D57D}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{A5A33BB2-FEB9-48B8-981E-2569275F2C17}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{BDE237CB-467B-43DE-8B08-1C71B43A4BE7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{C09223FD-FEFF-4012-AE23-4E5D00DAC23D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{C55FE187-B91F-44F6-8F05-B6FC0B339592}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{C6031CED-9BEA-4A81-AA87-F9BAAE226059}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{C61D1558-0AC3-4876-8D16-324D38001D5D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{C81B1074-278B-4324-966B-0D3C1CF250E4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{D0ACB39D-F4BB-4A31-9B9A-6655A2E49BED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D26E51C3-BF15-4B85-B260-585B013857FC}" = protocol=17 | dir=in | app=c:\users\jean\appdata\roaming\mjusbsp\magicjack.exe |
"{D3691BF6-6C2F-4921-B33A-E6D496F1AA26}" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\tvserver\capturedcr.exe |
"{D413B1CB-B622-48A0-840B-122EC8C11604}" = protocol=6 | dir=in | app=c:\users\jean\appdata\roaming\utorrent\utorrent.exe |
"{DA4CA68A-7B28-4BD3-9134-3F566A926243}" = protocol=6 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{DA56E1E9-9456-4B47-8D78-D27886C25D01}" = protocol=6 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\9.0\math.exe |
"{DF06C8E5-5192-48C6-BA19-AF7D4A7D8694}" = protocol=6 | dir=in | app=c:\users\jean\appdata\roaming\mjusbsp\magicjack.exe |
"{E12FA7A1-269F-4BB6-B486-0D8648666955}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{EAA95227-11B4-403A-A63E-A86CFC7096C8}" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"{FCA51C6E-EAFD-4CBE-A110-3DC21016FD10}" = protocol=17 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\9.0\math.exe |
"{FE8060D4-3FE1-4DF2-AC23-9915461B0954}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"TCP Query User{0F814DD0-81F0-4FAD-B0B9-86FF3F1025AE}E:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe |
"TCP Query User{36B441EC-13C2-4301-AEBE-05B0805CCB57}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
"TCP Query User{B38CE4A9-5CA2-4B26-818A-D493BC7B4883}C:\program files (x86)\wintv\wintv7\wintv7.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
"UDP Query User{21736E15-BAFE-412C-A12B-3EF5A42BF59C}E:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe |
"UDP Query User{71C30F3E-8697-416E-8D3F-CD2C4DAC515F}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
"UDP Query User{E31DB01A-44C4-4EDB-B01D-2E83F49AE717}C:\program files (x86)\wintv\wintv7\wintv7.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wintv\wintv7\wintv7.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}" = SQL Server 2012 Database Engine Services
"{1A81DA24-AF0B-4406-970E-54400D6EC118}" = Microsoft Web Deploy 3.5
"{1AB56376-F70E-4951-A097-27CFEC34E5ED}" = AVG 2015
"{1D411379-9CE0-4B13-A19B-72D3222DD620}" = SQL Server 2012 Common Files
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}" = SQL Server 2012 Common Files
"{26A24AE4-039D-4CA4-87B4-2F06417060FF}" = Java 7 Update 60 (64-bit)
"{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}" = SQL Server 2012 Management Studio
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{301DAC0A-285C-4BB1-A68E-7393673E9E69}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{30B7A7A6-D519-3332-BEB3-D105EFC7389A}" = Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
"{34A7A77A-A23D-44ED-B3B6-EC8198BE2622}" = SQL Server 2012 Full text search
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}" = Microsoft VSS Writer for SQL Server 2012
"{41357956-5B67-489C-9F7D-FABACC2CD3CB}" = AVG 2015
"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
"{471A5E5F-3725-4484-B5DC-9F782678B7D5}" = EMCO MoveOnBoot 2.3
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{4D84C195-86F0-4B34-8FDE-4A17EB41306A}" = Microsoft Web Platform Installer 5.0
"{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}" = SQL Server 2012 Database Engine Shared
"{5DDC2234-4B37-45BC-AD33-41F1469B4D83}" = Microsoft SQL Server 2012 Setup (English)
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{64A3A4F4-B792-11D6-A78A-00B0D0170400}" = Java SE Development Kit 7 Update 40 (64-bit)
"{656E214E-B73F-458C-AD64-ED316F008207}" = SQL Server 2012 BI Development Studio
"{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}" = SQL Server 2012 Database Engine Shared
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}" = WinPatrol
"{6D8BD3DF-0EA4-4BB1-AA57-0BBA9A804E24}" = Microsoft Azure Authoring Tools - v2.4.1
"{7272DF1C-2F88-43AC-A481-84DD67DF9746}" = SQL Server 2012 Documentation Components
"{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}" = PDFill FREE PDF Tools
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7B72F338-EBCC-32A6-A44C-DEF9B436AEF2}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}" = SQL Server 2012 Database Engine Services
"{87D5082F-F857-40FE-9C8A-3F2B6C39F426}" = paint.net
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8D006046-B0A3-412D-AB23-7212C3954CB2}" = USB 2.0 Command Verifier - x64 (1.4.10.2)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A0F05048-7653-4FCD-9F3A-C740E4052ACE}" = Microsoft SQL Server 2012 RsFx Driver
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A7037EB2-F953-4B12-B843-195F4D988DA1}" = SQL Server 2012 Management Studio
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1627
"{AAFF73AD-3432-3575-ABD1-14E48EF2F4CB}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B3192F55-2CE8-4C8E-9E40-D3B4998276B2}" = SQL Server 2012 Documentation Components
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{BED1EA3D-592D-4305-9D1F-20F03726EFC1}" = Sql Server Customer Experience Improvement Program
"{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}" = Microsoft SQL Server 2012 T-SQL Language Service
"{CECA0188-BD7A-43EF-B1F7-DDF719099C46}" = SQL Server 2012 Documentation Components
"{D307B5CF-D1F0-48A4-8DA3-54765F535208}" = SQL Server 2012 SQL Data Quality Common
"{D6B04ED9-386E-4157-AF50-64A43700FADC}" = Microsoft Azure Libraries for .NET – v2.4
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DBDD570E-0952-475f-9453-AB88F3DD565a}" = Python 2.7.5 (64-bit)
"{DCCB1789-1DA0-4E3A-A52F-7815B602CC98}" = SQL Server 2012 Reporting Services
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E7DD9E2F-25BB-3488-AA6A-6C5A9A27DA76}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{EC39CC32-E144-42E4-9A59-53C20B408BDE}" = WD SmartWare
"{EE1B54D1-BFBC-4C19-8D66-E0AF3E967896}" = SQL Server 2012 BI Development Studio
"{EE346AB6-C9CF-47BE-8FA2-957604205F3E}" = Microsoft Azure Compute Emulator - v2.4
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects  (x64)
"{FCD81E1A-6ED6-4F19-A572-82FFE102654E}" = SQL Server 2012 Reporting Services
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"{FE783A39-B07F-41CA-AFDC-CDAB44F8B25F}" = Visual Studio Online Application Insights Status Monitor
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0)
"AVG" = AVG 2015
"A-WIN-Extras 9.0.1 4092550_is1" = Mathematica Extras 9.0 (4092550)
"Blender" = Blender
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"doPDF 7 printer_is1" = doPDF 7.3 printer
"EditPad Lite" = EditPad Lite 7.3.4
"Elantech" = ETDWare PS/2-X64 11.5.11.3_WHQL
"ffdshow64_is1" = ffdshow x64 v1.3.4500 [2013-01-06]
"File Shredder_is1" = File Shredder 2.5
"GIMP-2_is1" = GIMP 2.8.10
"HDMI" = Intel® Graphics Media Accelerator Driver
"HWiNFO64_is1" = HWiNFO64 Version 4.46
"LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit
"MatlabR2010a" = MATLAB R2010a
"Microsoft Azure Compute Emulator - v2.4" = Microsoft Azure Compute Emulator - v2.4
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 11" = Microsoft SQL Server 2012 (64-bit)
"Microsoft SQL Server SQLServer2012" = Microsoft SQL Server 2012 (64-bit)
"M-WIN-G 7.0.0 1148361_is1" = Wolfram Mathematica 7 for Students (M-WIN-G 7.0.0 1148361)
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"Pale Moon 25.1.0 (x64 en-US)" = Pale Moon 25.1.0 (x64 en-US)
"Personal Backup 5_is1" = Personal Backup 5.5
"Process_Hacker2_is1" = Process Hacker 2.33 (r5590)
"Puran Utilities_is1" = Puran Utilities 2.0
"PyScripter_is1" = PyScripter 2.5.3
"Recuva" = Recuva
"scilab-5.4.1 (64-bit)_is1" = scilab-5.4.1 (64-bit)
"Search and Replace (x64 Shareware)_is1" = Search and Replace (x64)
"Speccy" = Speccy
"spyder-py2.7" = Python 2.7 Spyder 2.2.5
"Stellarium_is1" = Stellarium 0.12.2
"TeraCopy_is1" = TeraCopy 2.3
"VLC media player" = VLC media player 2.1.0
"VPython for Python 2.7_is1" = VPython 6.05
"Waterfox 30.0 (x64 en-US)" = Waterfox 30.0 (x64 en-US)
"WinFF_is1" = WinFF 1.5.2 64 bit (Codename EMMA)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{012D26C3-E12A-3BDA-8ECE-DF14E721A507}" = Microsoft Visual Studio 2010 Shell (Integrated) - ENU
"{02E7492D-C46F-4A34-A197-D1C3F19A1F4A}" = Microsoft WorldWide Telescope
"{09412B73-6159-40D6-B0B9-C11B30A7531E}" = Microsoft Visual Studio 2012 Preparation
"{0C003412-50FC-4619-8CBB-D8F279770A3B}" = Microsoft Azure Command Line Tools
"{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
"{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}" = FreeUndelete 2.1.36867.1
"{14F06853-8A15-4731-BBDC-C9B40A866A63}" = Virtual VCR
"{1690CE56-2231-4E59-9006-A0876D949EA8}" =  Tools for .Net 3.5
"{191A6F65-6878-398D-A272-EF011B80F371}" = Microsoft Visual Studio Tools for Applications x86 Runtime 3.0
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1BE2AFE6-209E-3862-AE45-DA9D3D21BD65}" = Microsoft Visual Studio Express 2012 for Windows Desktop
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1D3F5D17-BAD3-4D33-9F4E-AFCC44238626}" = Microsoft Visual Studio 2012 Preparation
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{21388E37-9EC5-4549-95CA-95D9B2D327A4}" = Avira
"{222C5507-AC43-388F-808E-2266EC57E043}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{23A3E3F8-91B4-4C5A-9E69-6747CF6D426B}" = Microsoft SQL Server Data Tools - enu (11.1.20905.0)
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55
"{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1" = Greenfish Icon Editor Pro 3.31
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{2AC3FCD3-3413-4F95-AEE1-E66618D982AD}" = Vbox2 Advanced
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{32136776-FE3F-453D-80DA-CDD993BDB2A3}" = Entity Framework Designer for Visual Studio 2012 - enu
"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB Video/Audio Device Driver
"{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DBCCABB-3D5B-4FB4-B1C1-5C29F3EA104C}" = Windows Azure Storage Emulator - v3.3
"{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1" = System Explorer 4.2.2
"{417A3FEE-BDB8-3CAA-819C-766E79CD2E0F}" = Microsoft Visual Studio Express 2012 for Web - ENU
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{44B185C4-2566-4F38-A4F1-092FCDBB51A5}" = CalcTape
"{49402ED1-A795-4435-A745-1B781BE621A6}" = Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9E6EB0-0EED-4E74-9479-F982C3254F71}" = SQL Server Browser for SQL Server 2012
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{503336C5-965C-415B-B535-CD42C0FD013E}" = Microsoft ASP.NET MVC 4 - Visual Studio Express 2012 for Web - ENU
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.25
"{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}" = Microsoft Visual Studio Tools for Applications Design-Time 3.0
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent v4.3.0
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5E877D64-5A88-46AA-8352-DAFA8CE1FF52}" = IronPython 2.7.4
"{605FFCBB-EC5A-485C-B27E-189F1C8A96E5}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{623ABB38-F593-3706-B799-EEEC72ED96F4}" = Microsoft Visual Studio Express 2012 for Web - ENU
"{62BC36B2-F9FB-405F-94B4-F2D3A71C402D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio Express 2012 for Web - ENU
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{67ED4F6B-BE85-410B-A60E-793CEB7D7DAD}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{690CD55E-D07B-472F-8706-A3A7D0A5CB09}" = SoftPlan version 13 [C:\SoftPlan13]
"{6C44519A-497D-382C-8596-E972C77057C2}" = Microsoft Portable Library Multi-Targeting Pack
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{71a40c60-27c2-443a-b7c7-6e4f3aad1d5a}" = Microsoft ASP.NET and Web Frameworks 2012.2
"{72800ED3-4CC6-41D3-9741-26D479E29DE4}" = LogicCircuit
"{77E2D875-FD9E-3DEE-9A84-C34FDECB4ECA}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610
"{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}" = Microsoft Small Basic v1.0
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7f522d2c-fa6d-40e7-bcb8-f769ce3053e2}" = Microsoft Azure Tools for Microsoft Visual Studio 2012 - v2.4
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{834B6E00-F509-40F2-A677-E86261184576}" = Blend for Visual Studio Add-in for Adobe FXG Import
"{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects
"{90037203-AAD8-412F-8265-DD54FD4EFD10}" = calibre
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{9395F41D-0F80-432E-9A59-B8E477E7E163}" = OpenOffice 4.1.1
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A456DFB-5404-471D-8C7B-0E2A155E999B}" = Microsoft ASP.NET Visual Studio 2012 Uninstall Finalizer
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCE40CE-A9E6-4916-8729-B008558EEF3F}" = Microsoft Report Viewer 2012 Runtime
"{A15E821D-0A75-4B45-BA20-481051C7F4E5}_is1" = Binary Viewer 4.13.4.26
"{A16656CE-4B17-4484-A13F-22B9500E5223}" = Fast Boot
"{A1785BD4-3486-4E7E-8074-E3FC61B8F315}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1" = Cartes du Ciel V3.8
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AE553D7C-E21A-4CDD-BDB3-FBEA09E42993}" = Microsoft Azure Shared Components for Visual Studio 2012 - v1.2
"{B1392E70-34C3-4EB0-A9E6-209797FFAAF7}_is1" = Vintage BASIC version 1.0.2
"{B33F91AB-8BB0-4026-B195-A1C3DA95478E}" = Uninstall Finalizer
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BCEBC40A-16A1-4CCD-A917-887749706088}" = Microsoft ASP.NET MVC 3 - Visual Studio Express 2012 for Web
"{BFE16218-BBA6-4FE3-BE07-505AA7C418C7}" = Microsoft NuGet - Visual Studio Express 2012 for Web
"{C0770F76-6923-4EC4-A062-E688B99DCE40}" = Microsoft ASP.NET Visual Studio 2012 Finalizer
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types
"{C75EF0A9-F228-40E9-AA20-B832F8350A4C}" = Microsoft ASP.NET Web Pages - Visual Studio Express 2012 for Web
"{C75F2670-ECC5-4408-9EC8-2884FB019C04}" = Video Grabber
"{CEB3E62B-D8BC-4DC2-838B-C7B547D2C4F6}" = Microsoft ASP.NET and Web Tools 2013.1 - Visual Studio Express 2012 for Web
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D2964C0D-477B-4914-B791-1D80E61E85E6}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20905.0)
"{D30F78E6-2A82-48E5-94A9-D295D64501BF}" = MathGV 4.1
"{D3A828A9-FD4A-4463-9CB0-9673C682A0C7}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
"{D95AA4F4-9FCF-4BD8-AC07-AB1912A202E2}_is1" = Home Plan Pro version 5.2.12.4
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DD1D9A81-1186-4634-9A6A-1B6F59A8C269}" = Microsoft Azure Storage Tools - v2.5.1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
"{E4E1D7C7-6561-4462-96B5-E6439488ED41}" = Flash Cookie Cleaner
"{E5154BC3-432D-4EAB-95D2-6C16CC3110DA}" = Microsoft Azure Tools for Microsoft Visual Studio 2012 Core
"{E61CFDDA-40DD-4400-95CA-12819C50B5C2}" = WD Drive Utilities
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E6DC6DDF-3EE7-4630-9F4B-0ADAF0461DAC}" = Microsoft Azure Tools for Microsoft Visual Studio 2012 - v2.4
"{e7c7c227-b742-4878-9425-f09bbf9951db}" = Avira
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.83
"{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
"{EFC0BA9B-F472-4559-B655-9C47281F9483}" = WD Security
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F3BBC56F-2282-4464-952F-A89772181F30}" = Microsoft SQL Server Data Tools – Database Projects – Web installer entry point
"{f56bac4b-ef69-49d9-b010-1d7de651418d}" = Microsoft Visual Studio Express 2012 for Web - ENU
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities Free Edition 11.26
"{FCCB88D8-06A1-44C6-B633-B23C239827BE}" = Install Finalizer
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries
"7-Zip" = 7-Zip 9.22beta
"aaICO_is1" = aaICO - Icon Editor 3
"abcavi_tag_editor_is1" = abcAVI
"Adobe Digital Editions 3.0" = Adobe Digital Editions 3.0
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Advanced Renamer_is1" = Advanced Renamer
"ATT-ATT Management Agent" = ATT Management Agent
"Audacity_is1" = Audacity 2.0.3
"Avidemux 2.6 (64-bit)" = Avidemux 2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battery Status" = Battery Status
"Belarc Advisor" = Belarc Advisor 8.3
"BleachBit" = BleachBit
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Celestia_is1" = Celestia 1.6.1
"Clementine" = Clementine
"CodeLite_is1" = CodeLite
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.2.1 Shizuku Edition
"DiskCheckup_is1" = DiskCheckup v3.2
"DjVuLibre+DjView" = DjVuLibre DjView  3.5.25.4+4.9.2
"DScaler 4 Test Version_is1" = DScaler 4 Test Version
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EncSpot Basic_is1" = EncSpot Basic 2.0
"Euler Mathematical Toolbox_is1" = Euler Math Toolbox Version 23.5
"Everything" = Everything 1.2.1.371
"FastStone Capture" = FastStone Capture 7.6
"FastStone Image Viewer" = FastStone Image Viewer 4.8
"FastStone MaxView" = FastStone MaxView 2.7
"FastStone Photo Resizer" = FastStone Photo Resizer 3.2
"FBReader for Windows" = FBReader for Windows
"foobar2000" = foobar2000 v1.2.9
"FreeBASIC" = FreeBASIC 0.90.1
"FreeCommander XE_is1" = FreeCommander XE
"FreeMat 4.2" = FreeMat
"GIF Viewer" = GIF Viewer 3.1
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"HeidiSQL_is1" = HeidiSQL 8.0.0.4396
"Inkscape" = Inkscape 0.48.4
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}" = 3D Home Architect Design Suite Deluxe 8
"Jaangle music management" = Jaangle music management
"Juice" = Juice 2.2
"Junior Icon Editor" = Junior Icon Editor
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"K-Meleon" = K-Meleon 1.5.4 en-US (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"LookInMyPC" = LookInMyPC
"Lunascape6" = Lunascape6 (All Users)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"mmswitch" = Morgan Stream Switcher
"MobiDVD" =  MobiDVD 1.0.0.6
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 34.0.5 (x86 en-US)" = Mozilla Firefox 34.0.5 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSN Font Color Editor_is1" = MSN Font Color Editor 1.2
"M-WIN-D 9.0.1 4092685_is1" = Wolfram CDF Player (M-WIN-D 9.0.1 4092685)
"NASA World Wind 1.4" = NASA World Wind 1.4
"Notepad++" = Notepad++
"Opera 20.0.1387.91" = Opera Stable 20.0.1387.91
"PicPick" = PicPick
"Plancoin" = Plancoin
"qbittorrent" = qBittorrent 3.1.9.2
"Quackle_is1" = Quackle 0.97 [Beta]
"Rainmeter" = Rainmeter
"Revo Uninstaller" = Revo Uninstaller 1.95
"Right Click Enhancer" = Right Click Enhancer 4.1.1
"Safarp" = Safarp
"Secunia PSI" = Secunia PSI (3.0.0.9016)
"SolveigMM AVI Trimmer 2.1.1307.29" = SolveigMM AVI Trimmer
"SolveigMM Video Editing SDK 3.0.1309.5" = SolveigMM Video Editing SDK
"SpeedFan" = SpeedFan (remove only)
"SpeQ Mathematics" = SpeQ Mathematics 3.4
"STDU Explorer_is1" = STDU Explorer version 1.0.517.0
"SumatraPDF" = SumatraPDF
"tixati" = Tixati
"UltraDefrag" = Ultra Defragmenter
"UnrealCommander_is1" = Unreal Commander v2.02
"VTUploader" = VirusTotal Uploader 2.2
"WAV Joiner" = WAV Joiner
"What's Running_is1" = What's Running 3.0
"Windows Azure Storage Emulator - v3.3" = Windows Azure Storage Emulator - v3.3
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinISO" = WinISO
"WinMerge_is1" = WinMerge 2.14.0
"WinPcapInst" = WinPcap 4.1.1
"WinX Free WMV to AVI Converter_is1" = WinX Free WMV to AVI Converter 5.0.6
"Wise Data Recovery_is1" = Wise Data Recovery 3.41
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.94
"Wise Folder Hider_is1" = Wise Folder Hider 1.41
"Wise Game Booster_is1" = Wise Game Booster 1.23
"Wise JetSearch_is1" = Wise JetSearch 1.39
"Wise PC 1stAid_is1" = Wise PC 1stAid 1.32
"Wise Program Uninstaller_is1" = Wise Program Uninstaller 1.55
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.86
"Zyzzyva 2.2.3" = Zyzzyva
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3001965132-3898090023-1802478263-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 6.01
"Dropbox" = Dropbox
"magicJack" = magicJack
"MultiCommander x64" = MultiCommander (x64)
"Python 3.4.1 (Anaconda3 2.0.1 64-bit)" = Python 3.4.1 (Anaconda3 2.0.1 64-bit)
"WinDirStat" = WinDirStat 1.1.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2015-01-02 01:43:35 | Computer Name = Jean-PC | Source = Report Server Windows Service (SQLEXPRESS) | ID = 107
Description = Report Server Windows Service (SQLEXPRESS) cannot connect to the report
 server database.
 
Error - 2015-01-02 05:07:09 | Computer Name = Jean-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 34.0.5.5443,
 time stamp: 0x5475dd5d  Faulting module name: mozalloc.dll, version: 34.0.5.5443,
 time stamp: 0x5475d664  Exception code: 0x80000003  Fault offset: 0x00001425  Faulting
 process id: 0x8488  Faulting application start time: 0x01d0266944b71175  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: ba75032d-925e-11e4-8a45-90e6ba3aa19e
 
Error - 2015-01-02 05:21:56 | Computer Name = Jean-PC | Source = Report Server Windows Service (SQLEXPRESS) | ID = 107
Description = Report Server Windows Service (SQLEXPRESS) cannot connect to the report
 server database.
 
Error - 2015-01-02 17:22:19 | Computer Name = Jean-PC | Source = Report Server Windows Service (SQLEXPRESS) | ID = 107
Description = Report Server Windows Service (SQLEXPRESS) cannot connect to the report
 server database.
 
Error - 2015-01-02 19:21:05 | Computer Name = Jean-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 34.0.5.5443,
 time stamp: 0x5475dd5d  Faulting module name: mozalloc.dll, version: 34.0.5.5443,
 time stamp: 0x5475d664  Exception code: 0x80000003  Fault offset: 0x00001425  Faulting
 process id: 0xab4  Faulting application start time: 0x01d026bbb00de477  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: 05b24f23-92d6-11e4-8fa2-90e6ba3aa19e
 
Error - 2015-01-02 19:58:54 | Computer Name = Jean-PC | Source = Report Server Windows Service (SQLEXPRESS) | ID = 107
Description = Report Server Windows Service (SQLEXPRESS) cannot connect to the report
 server database.
 
[ System Events ]
Error - 2015-01-02 05:22:33 | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
 .NET Framework NGEN v4.0.30319_X64 service to connect.
 
Error - 2015-01-02 09:10:30 | Computer Name = Jean-PC | Source = DCOM | ID = 10010
Description =
 
Error - 2015-01-02 10:53:38 | Computer Name = Jean-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\DR6, has a bad block.
 
Error - 2015-01-02 19:48:02 | Computer Name = Jean-PC | Source = DCOM | ID = 10010
Description =
 
Error - 2015-01-02 19:52:34 | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7003
Description = The ATKGFNEX Service service depends the following service: ASMMAP64.
 This service might not be installed.
 
Error - 2015-01-02 19:53:51 | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SQL
 Server (SQLEXPRESS) service to connect.
 
Error - 2015-01-02 19:54:02 | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7000
Description = The SQL Server (SQLEXPRESS) service failed to start due to the following
 error:   %%1053
 
Error - 2015-01-02 19:56:26 | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7022
Description = The SQL Server Reporting Services (SQLEXPRESS) service hung on starting.
 
Error - 2015-01-02 19:59:13 | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
 .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error - 2015-01-02 19:59:43 | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
 .NET Framework NGEN v4.0.30319_X64 service to connect.
 
< End of report >
 


  • 0

Advertisements


#2
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings Swampwiz and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

stop32.png Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

right-grn.pngPlease save all tools to the desktop,. Our tools are updated very regularly, sometimes several times per day so always download the latest version from the links I provide.

right-grn.pngPlease be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

right-grn.pngIf at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

right-grn.png I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

right-grn.png Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

right-grn.png Please stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

right-grn.png Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

right-grn.png If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

right-grn.png If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work
 

I am currently reviewing your logs and will respond again with a plan of action to get you sorted out :D


  • 0

#3
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi there. A few things to start off with...
 

noentry32.png P2P WARNING!

It appears that there is at least one Peer to Peer(P2P) program on your computer:

qbittorrent
utorrent
Tixati

Whilst some P2P programs themselves may be harmless, we at GeeksToGo do not recommend their use due to the extremely high likelyhood of obtaining an infection from files that have been downloaded. This may range from annoying adware to malicious trojans stealing your passwords and other personal information.

There is also the risk of inadvertently sharing information that wasn't intended due to incorrectly configured software.

It is highly likely that this is the source of the issue that brought you here today. And if not, probably what will bring you back at a later date.

Here are some useful links regarding the dangers of P2P software.
[list]

You have multiple AV products installed:

  • Avira
  • AVG 2015

Multiple AV products can cause many problems including slowing your computer down and causing conflicts between the products, leaving you potentially unprotected.

You should uninstall one of them. Please let me know which one you have decided to remove.

We need to uninstall some programs.

Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

Select the following programs from the list below, one at a time and click Uninstall.

  • Wise Data Recovery 3.41
  • Wise Disk Cleaner 7.94
  • Wise Folder Hider 1.41
  • Wise Game Booster 1.23
  • Wise JetSearch 1.39
  • Wise PC 1stAid 1.32
  • Wise Program Uninstaller 1.55
  • Wise Registry Cleaner 7.86

Windows Sidebar Advice:

It is no longer prudent to have this feature enabled as outlined in the below Microsoft article:-

Vulnerabilities in Gadgets could allow remote code execution

I advice you download and run the Disable Windows Sidebar and Gadgets Fixtit utility to rectify this.

Note: Ensure you reboot your machine when prompted before proceeding any further.

Step 1

OTL fix

Ensure OTL is located on your desktop. If it is not, then please download from http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop.

As you are using Windows /7 then right click it and select Run As Administrator.

Copy the text in the following box (do not include the word Quote). To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

Next, right click in the box named Custom Scans/Fixes and select paste.

otl-run-fix.jpg

This will insert the code into OTL.

Now click Run Fix

OTL will generate a report when it has finished. Please paste the contents of this report in your next post.

Step 2

jrt.pngJunkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking jrt.png and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered,You need the 64bit version.

  • Right click frst.png to run as administrator. When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below

    Drivers MD5
    shortcut.txt
    Addition.txt
    frst-addition.png
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:

  • Which AV have you removed? Did Wise uninstall properly?
  • OTL log
  • JRT log
  • FRST Logs

  • 0

#4
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi. How is it going so far?


  • 0

#5
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP