Open Side Menu Go to the Top
Register
CMD window randomly apperaring CMD window randomly apperaring

12-17-2014 , 10:50 AM
and then dissapearing within half a second. Happens usually once or twice a day (I use my PC pretty much all day due to studies). Should I be worried?

I have windows 8 (not 8.1), and malwarebytes and AVG show no results. I read somewhere that I should re-start my PC in safe mode and run malwarebytes then, but I'm not very good with computers so I'm wondering if this is necessary or if I'm just being paranoid here.

Any help appreciated.
CMD window randomly apperaring Quote
12-17-2014 , 11:24 AM
Malwarebytes should generally be run in normal mode, not safe mode. In safe mode various modules don't load.

Difficult to tell if your CMD windows are something to worry about. Given you've spotted it though, and you have no innocent explanation, it would be worth double checking that your machine is not infected. Follow the steps here and then post the OTL logs back in this thread.
CMD window randomly apperaring Quote
12-18-2014 , 01:42 AM
I've seen a poweliks variant do this and not show up in Mbam or other scanners. running roguekiller in safe mode networking will reveal it. That being said, follow what thunder just posted instead of stabbing in the dark.
CMD window randomly apperaring Quote
12-18-2014 , 06:07 AM
Thanks for the replies. I will follow thunderbolts steps later as I have Uni now. I ran roguekiller, will run it in safe mode later when I have time. Here's the log:

¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] runSW.exe -- C:\Windows\runSW.exe[-] -> Killed [TermProc]
[Suspicious.Path] SwUSB.exe -- C:\Windows\SwUSB.exe[-] -> Killed [TermProc]
[PUP] (SVC) vToolbarUpdater18.1.9 -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe[7] -> Stopped

¤¤¤ Registry : 17 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run | vProt : "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\RunSwUSB (C:\Windows\runSW.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R unSwUSB (C:\Windows\runSW.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\v ToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2527960288-1362115114-2915025391-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2527960288-1362115114-2915025391-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2527960288-1362115114-2915025391-1005\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2527960288-1362115114-2915025391-1005\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\Tcpip\Parameters | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T cpip\Parameters | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{367C7D31-B58B-4E66-BD05-3A21184DF2F6} | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T cpip\Parameters\Interfaces\{367C7D31-B58B-4E66-BD05-3A21184DF2F6} | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 4 ¤¤¤
[Suspicious.Path] FG.job -- C:\Users\JonAre\AppData\Roaming\FG.exe (/infocmdline=w5v+R1ElmDZso5cvbUCW1zkbdNsGlvE35Kyc1+ V3wBhSmKIYFG3EGqh4nd8qzZjJ6+26SoiX/bDox5t5G7mP/LF09phHyQuKE6GqKRx1/Z6SxVomAARzQsDM+mXq1Bo7RAtWZwtiT4YC3d5vRjEIP266OPW cBMRwA2gIhruEuzRnjt0USaPShFHMZSQEs1BoraNfPmn2xJfjn UKtWqfWii2FLz+IpconDkftbqm/gf5GKJbM02DUdPCHlTHmHstwnc0xa/IVFv6/4q3vOi/DkwPcfYl5rR5Y9wTRwST13NF0kVSXtn8sqzH/vDGWvzY0ryJ46Rv1RFzyi8/OYESIxz64aXCXfeSn9Hnw56Kn8e6BgrHx8Onjm2T73qOaoJxuI FZX/iyBe8ez5KghxrIJR2g4eJ0ZDBIFHGvSN1C2IMvugHTrbunJBm3 JqRlV7EPRIoasT6SVk+54/G7kgKLrWNahx4WgVvj1MyflD2L3d7VLMtzk6ScKfzxcihWa2Bm b) -> Found
[Suspicious.Path] LIGY.job -- C:\Users\JonAre\AppData\Roaming\LIGY.exe (/infocmdline=pJYcl25YjK/k7yfM8FcSZSjz6efmVmW/2UJeF2JE6XwGWau8j5kq0QzLS2dUbQsbGWEeT5YPJS2t2cEkJK C9RwntaM8oOeFSQY5G33lxhq7pamAWmaHcU0lFTSNHUQpzrcD+ Lf5T1M5w9PfT5VE3XtusRqnd/Z3a57yth6RltcodkOpNSR0RgcNuaghfVPXtBF9vgoVGs+zFquH pS2tBbcpJSA40Y2dRL2UWQvg1/TFYsz58XcmnqVqmB+TZ+WgOx1FbTsDwEJlR+4/n2yIb+bjC6ChIlmO3mXArebBCnTJalbgx6/oRezZPYdTSKKzFzCSRg9dMHkpOab6Hc2xMv0x5XD+ja5Ovsmwj SKeLsP52/XiJb2HT4KxtiIeNXkf5JFdW8pcqP9qr2ougOv/lxeQQ+6pjWa7VehrJSUCSTlffcYMwbeuB0uiobHLOwSFQy8Tx9/F5oAal/0/f4wuG3PSRag8ogY5Fgd7qjRPwA13fYOqiY3J7vIwC4tYHeuPj) -> Found
[Suspicious.Path] \\FG -- C:\Users\JonAre\AppData\Roaming\FG.exe (/infocmdline=w5v+R1ElmDZso5cvbUCW1zkbdNsGlvE35Kyc1+ V3wBhSmKIYFG3EGqh4nd8qzZjJ6+26SoiX/bDox5t5G7mP/LF09phHyQuKE6GqKRx1/Z6SxVomAARzQsDM+mXq1Bo7RAtWZwtiT4YC3d5vRjEIP266OPW cBMRwA2gIhruEuzRnjt0USaPShFHMZSQEs1BoraNfPmn2xJfjn UKtWqfWii2FLz+IpconDkftbqm/gf5GKJbM02DUdPCHlTHmHstwnc0xa/IVFv6/4q3vOi/DkwPcfYl5rR5Y9wTRwST13NF0kVSXtn8sqzH/vDGWvzY0ryJ46Rv1RFzyi8/OYESIxz64aXCXfeSn9Hnw56Kn8e6BgrHx8Onjm2T73qOaoJxuI FZX/iyBe8ez5KghxrIJR2g4eJ0ZDBIFHGvSN1C2IMvugHTrbunJBm3 JqRlV7EPRIoasT6SVk+54/G7kgKLrWNahx4WgVvj1MyflD2L3d7VLMtzk6ScKfzxcihWa2Bm b) -> Found
[Suspicious.Path] \\LIGY -- C:\Users\JonAre\AppData\Roaming\LIGY.exe (/infocmdline=pJYcl25YjK/k7yfM8FcSZSjz6efmVmW/2UJeF2JE6XwGWau8j5kq0QzLS2dUbQsbGWEeT5YPJS2t2cEkJK C9RwntaM8oOeFSQY5G33lxhq7pamAWmaHcU0lFTSNHUQpzrcD+ Lf5T1M5w9PfT5VE3XtusRqnd/Z3a57yth6RltcodkOpNSR0RgcNuaghfVPXtBF9vgoVGs+zFquH pS2tBbcpJSA40Y2dRL2UWQvg1/TFYsz58XcmnqVqmB+TZ+WgOx1FbTsDwEJlR+4/n2yIb+bjC6ChIlmO3mXArebBCnTJalbgx6/oRezZPYdTSKKzFzCSRg9dMHkpOab6Hc2xMv0x5XD+ja5Ovsmwj SKeLsP52/XiJb2HT4KxtiIeNXkf5JFdW8pcqP9qr2ougOv/lxeQQ+6pjWa7VehrJSUCSTlffcYMwbeuB0uiobHLOwSFQy8Tx9/F5oAal/0/f4wuG3PSRag8ogY5Fgd7qjRPwA13fYOqiY3J7vIwC4tYHeuPj) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 12 (Driver: Loaded) ¤¤¤
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)
[IAT:Inl] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : C:\Program Files (x86)\AVG\AVG2015\avghookx.dll @ 0x73ec1000 (jmp 0xfffffffffcaf3150)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPKX-80HPJT0 +++++
--- User ---
[MBR] 8d383a884cadcfa22ecd4483fcb4ccfc
[BSP] fd802cd7f1381cb5958e87b9c5a94219 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: LITEONIT LCS-256M6S +++++
--- User ---
[MBR] 3db6499a8cfc97133c05db878a40a635
[BSP] 359f7e74cd5bfb32ea89655b1af5cfcd : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
CMD window randomly apperaring Quote
12-18-2014 , 08:58 AM
Yep, follow the steps in the sticky.
CMD window randomly apperaring Quote
12-18-2014 , 09:34 AM
.

Last edited by Misfitsbeevers; 12-18-2014 at 09:46 AM. Reason: did a mistke with OTL
CMD window randomly apperaring Quote
12-18-2014 , 09:36 AM
.

Last edited by Misfitsbeevers; 12-18-2014 at 09:37 AM. Reason: did a mistke with OTL
CMD window randomly apperaring Quote
12-18-2014 , 09:48 AM
OTL logfile created on: 18.12.2014 14:38:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JonAre\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17183)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

7,95 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 76,20% Memory free
15,70 Gb Paging File | 13,84 Gb Available in Paging File | 88,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 94,95 Gb Total Space | 28,18 Gb Free Space | 29,68% Space Free | Partition Type: NTFS
Drive D: | 349,32 Gb Total Space | 250,94 Gb Free Space | 71,84% Space Free | Partition Type: NTFS
Drive E: | 349,32 Gb Total Space | 349,18 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive F: | 121,97 Gb Total Space | 90,36 Gb Free Space | 74,08% Space Free | Partition Type: NTFS

Computer Name: GOTHMOGH | User Name: JonAre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.12.18 14:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JonAre\Downloads\OTL.exe
PRC - [2014.12.03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.11.12 21:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014.11.09 21:57:40 | 003,488,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2014.11.09 21:56:14 | 003,653,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2014.11.09 21:49:56 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014.11.06 18:08:04 | 002,464,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.11.06 18:07:54 | 001,795,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014.08.27 13:38:40 | 002,640,408 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2014.08.12 16:35:01 | 001,820,184 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
PRC - [2014.08.12 16:35:01 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
PRC - [2014.05.27 22:39:20 | 002,733,080 | ---- | M] () -- C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
PRC - [2014.05.24 22:28:32 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.09.04 12:03:30 | 000,283,648 | ---- | M] () -- C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
PRC - [2013.08.28 14:23:22 | 003,202,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2013.08.19 18:35:26 | 000,055,368 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2013.08.16 15:29:08 | 000,183,408 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2013.07.23 10:54:34 | 000,602,936 | ---- | M] (ASUS) -- C:\Program Files\ASUS\P4G\InsOnWMI.exe
PRC - [2013.07.23 10:54:34 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files\ASUS\P4G\InsOnSrv.exe
PRC - [2013.06.23 21:06:06 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013.06.23 21:05:26 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2013.06.23 21:05:26 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013.06.13 13:04:12 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2013.05.30 15:17:48 | 000,205,624 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2013.05.29 18:11:48 | 000,303,928 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2013.05.21 10:50:34 | 000,406,328 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2013.05.15 15:39:12 | 000,463,872 | ---- | M] () -- C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
PRC - [2013.05.07 14:06:18 | 000,096,768 | ---- | M] () -- C:\Program Files (x86)\Jensen\Jensen AirLink 500ac Wireless LAN Driver\WPSService20.exe
PRC - [2013.05.01 20:16:43 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2013.03.21 12:24:56 | 000,454,144 | ---- | M] () -- C:\Program Files (x86)\ASUS Gaming Mouse\Tray.exe
PRC - [2013.03.14 10:46:12 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit64.exe
PRC - [2013.03.08 16:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2013.02.25 08:39:08 | 000,430,080 | ---- | M] (Realtek) -- C:\Windows\SwUSB.exe
PRC - [2013.01.15 17:20:54 | 000,107,320 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012.12.26 12:48:14 | 000,036,864 | ---- | M] () -- C:\Windows\runSW.exe
PRC - [2012.09.18 13:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012.05.28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012.01.30 14:48:34 | 000,466,944 | ---- | M] () -- C:\Program Files (x86)\ASUS Gaming Mouse GX850\hid.exe
PRC - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011.08.04 13:27:38 | 000,452,096 | ---- | M] () -- C:\Program Files (x86)\ASUS Gaming Mouse GX850\Tray.exe
PRC - [2011.07.11 16:40:48 | 000,278,528 | ---- | M] (OSD Application) -- C:\Program Files (x86)\ASUS Gaming Mouse\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2014.10.21 17:31:30 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Xml\f5c48d3c80f7a7392a9911c31397ab22\System.Xm l.ni.dll
MOD - [2014.10.21 17:31:27 | 001,900,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Xaml\7e33d28b2dab9b4496ea35823e1de449\System.X aml.ni.dll
MOD - [2014.10.21 17:31:26 | 012,877,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Windows.Forms\ff31e584f2c72353c0fd0bc79f567b1a \System.Windows.Forms.ni.dll
MOD - [2014.10.21 17:31:09 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Drawing\cf12151910d45dc1e8d561405a2d41dc\Syste m.Drawing.ni.dll
MOD - [2014.10.21 17:31:04 | 000,975,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Configuration\fbf3b554fde1f61f207fa7a542e7a5be \System.Configuration.ni.dll
MOD - [2014.10.21 17:31:04 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentatioaec034ca#\c499d0e46cc895743d5f6fa621006d73 \PresentationFramework.Aero2.ni.dll
MOD - [2014.10.21 17:31:03 | 018,785,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentatio5ae0f00f#\e1af9e051cc5aa4512c95ae4c04194f4 \PresentationFramework.ni.dll
MOD - [2014.10.21 17:30:56 | 011,021,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentationCore\2e698458b0dd7685ad4ccb85482507b2\Pre sentationCore.ni.dll
MOD - [2014.10.21 17:30:51 | 003,941,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Win dowsBase\53a2eb543a721efd6afdaeb0bb862bf8\WindowsB ase.ni.dll
MOD - [2014.10.21 17:30:48 | 007,041,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Core\90ef4862e3da6750fe17561df2515951\System.C ore.ni.dll
MOD - [2014.10.21 17:30:45 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem\631276b1e140ff705cdd076522f22189\System.ni.dll
MOD - [2014.08.27 13:38:40 | 002,640,408 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2014.08.12 16:35:01 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
MOD - [2014.05.27 22:39:20 | 002,733,080 | ---- | M] () -- C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
MOD - [2014.05.05 08:56:49 | 001,632,792 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
MOD - [2014.04.03 10:36:27 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIA utomationTypes\30caed6dd3390553adf0d78426beb375\UI AutomationTypes.ni.dll
MOD - [2014.04.02 23:27:21 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\msc orlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni .dll
MOD - [2013.09.04 12:03:30 | 000,283,648 | ---- | M] () -- C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
MOD - [2013.08.19 18:16:48 | 000,015,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
MOD - [2013.08.16 11:03:12 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
MOD - [2013.05.15 15:39:12 | 000,463,872 | ---- | M] () -- C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
MOD - [2013.04.27 11:24:12 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
MOD - [2013.03.21 12:24:56 | 000,454,144 | ---- | M] () -- C:\Program Files (x86)\ASUS Gaming Mouse\Tray.exe
MOD - [2013.03.14 10:46:12 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit64.exe
MOD - [2012.01.30 14:48:34 | 000,466,944 | ---- | M] () -- C:\Program Files (x86)\ASUS Gaming Mouse GX850\hid.exe
MOD - [2011.09.19 12:40:40 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\ASUS Gaming Mouse\lan\lan.dll
MOD - [2011.08.04 13:34:14 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\ASUS Gaming Mouse GX850\lan.dll
MOD - [2011.08.04 13:27:38 | 000,452,096 | ---- | M] () -- C:\Program Files (x86)\ASUS Gaming Mouse GX850\Tray.exe


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014.11.06 18:07:54 | 001,148,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014.11.06 18:07:49 | 019,819,848 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014.10.30 01:24:10 | 002,443,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014.10.02 23:29:16 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014.09.22 07:04:33 | 000,016,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014.07.07 06:52:33 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014.05.30 00:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013.09.04 12:03:42 | 000,342,016 | ---- | M] (Qualcomm Atheros) [Auto | Running] -- C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe -- (Qualcomm Atheros Killer Service V2)
SRV:64bit: - [2013.08.16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013.07.27 07:05:15 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConf ig.dll -- (PrintNotify)
SRV:64bit: - [2013.07.23 10:54:34 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\P4G\InsOnSrv.exe -- (ASUS InstantOn)
SRV:64bit: - [2013.06.01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013.05.11 18:45:54 | 000,822,232 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013.05.11 18:45:38 | 000,733,696 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2013.05.04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.05.01 20:55:47 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.05.01 20:17:06 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013.04.11 06:15:40 | 000,099,664 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)
SRV:64bit: - [2013.03.02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.08 11:34:30 | 000,126,856 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2014.12.03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.11.18 21:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.11.12 21:46:08 | 000,409,800 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014.11.09 21:57:40 | 003,488,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014.11.09 21:56:56 | 001,486,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2015\avgfws.exe -- (avgfws)
SRV - [2014.11.09 21:49:56 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014.11.06 18:07:54 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.08.12 16:35:01 | 001,820,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe -- (vToolbarUpdater18.1.9)
SRV - [2014.05.24 22:28:32 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.07.27 07:05:15 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfi g.dll -- (PrintNotify)
SRV - [2013.06.23 21:06:06 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013.06.23 21:05:26 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013.06.23 21:05:26 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2013.06.13 13:47:02 | 000,312,448 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013.06.13 13:04:12 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2013.05.07 14:06:18 | 000,096,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Jensen\Jensen AirLink 500ac Wireless LAN Driver\WPSService20.exe -- (WPSService20)
SRV - [2013.01.15 17:20:54 | 000,107,320 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012.12.26 12:48:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Windows\runSW.exe -- (RunSwUSB)
SRV - [2012.12.19 07:10:38 | 000,072,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe -- (Asus WebStorage Windows Service)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.12.18 14:20:06 | 000,037,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\Drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014.12.17 15:57:55 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014.11.06 18:07:49 | 000,019,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014.10.29 21:35:16 | 000,263,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014.10.05 21:41:40 | 000,124,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014.10.03 20:23:02 | 000,038,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014.09.24 21:03:42 | 000,277,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2014.09.22 06:53:10 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014.09.17 05:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014.08.28 21:47:24 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014.08.26 23:08:01 | 000,270,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014.08.12 16:35:01 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014.07.24 14:50:54 | 000,447,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014.07.18 14:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014.06.18 20:03:34 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014.06.18 20:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014.06.18 20:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013.10.10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013.10.09 09:52:16 | 000,020,280 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2013.10.05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.09.26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013.09.04 15:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013.08.16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013.08.10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.08.09 03:31:50 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013.07.23 10:54:34 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Program Files\ASUS\P4G\PLCTRL.sys -- (plctrl)
DRV:64bit: - [2013.07.09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013.07.02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.07.02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.06.29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.06.23 21:05:26 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.06.13 13:26:48 | 000,587,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013.06.13 13:26:44 | 000,136,784 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013.06.13 13:26:42 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013.06.13 13:26:42 | 000,115,912 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013.06.13 13:26:42 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013.06.13 13:26:42 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013.06.13 13:26:42 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013.06.13 13:26:40 | 000,347,336 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013.06.01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.05.30 17:57:42 | 003,812,048 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\akw8x64.sys -- (akw8x64)
DRV:64bit: - [2013.05.01 20:55:47 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.05.01 20:51:04 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013.05.01 20:47:08 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013.05.01 20:44:14 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013.05.01 20:24:00 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013.05.01 20:21:58 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013.05.01 20:16:41 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013.05.01 20:16:41 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013.04.26 09:46:02 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2013.04.17 13:33:54 | 002,380,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTWlanU.sys -- (RtlWlanu)
DRV:64bit: - [2013.04.11 07:53:22 | 000,363,920 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2013.03.02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.13 16:11:24 | 000,075,056 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\bwcW8x64.sys -- (BfLwf)
DRV:64bit: - [2012.12.24 06:53:24 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2012.09.18 13:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012.08.02 04:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.24 00:24:52 | 015,283,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.06.02 15:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012.06.02 15:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.06.02 15:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012.06.02 15:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012.06.02 15:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.07.29 11:53:12 | 000,023,552 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\PXGX112.sys -- (PXGX112)
DRV - [2011.09.07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE1 0TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE1 0TR&pc=ASU2JS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://mysearch.avg.com/search?cid={35631640-833A-45AF-B0ED-1187A23DF4DA}&mid=c51d4dcac4f647d29d396da73deacedc-4e01dbb6b298250ae760c28f8c85cd09e086f688&lang=en&d s=AVG&coid=avgtbavg&cmpid=&pr=sa&d=2014-05-05 09:57:26&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q= {searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dl l File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1. dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp .dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\JonAre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake\0.7_0\
CHR - Extension: No name found = C:\Users\JonAre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\JonAre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\JonAre\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\JonAre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbi glidom\2.15_0\
CHR - Extension: No name found = C:\Users\JonAre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\JonAre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_1\

O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [UMonit64] C:\Windows\SysWOW64\UMonit64.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROGGX850] C:\Program Files (x86)\ASUS Gaming Mouse GX850\hid.exe ()
O4 - HKLM..\Run: [ROGNB] C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0414c] C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe ()
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1418908924 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{367C7D31-B58B-4E66-BD05-3A21184DF2F6}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.e xe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.ex e (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ffff9581-6611-11e4-beb7-bcee7b0e272f}\Shell - "" = AutoRun
O33 - MountPoints2\{ffff9581-6611-11e4-beb7-bcee7b0e272f}\Shell\AutoRun\command - "" = "H:\SISetup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootMin:64bit: BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootMin:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootMin:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootMin:64bit: MBAMSwissArmy - C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: mcpltsvc -
SafeBootMin:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: TBS - Service
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: mcpltsvc -
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootNet:64bit: BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootNet:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootNet:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootNet:64bit: MBAMSwissArmy - C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: mcpltsvc -
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootNet:64bit: netprofm - C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdpencdd.sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SmartcardSimulator - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TBS - Service
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: VaultSvc - C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: VirtualSmartcardReader - Driver
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: Wcmsvc - C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: mcpltsvc -
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Insta ller\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
CMD window randomly apperaring Quote
12-18-2014 , 09:51 AM
========== Files/Folders - Created Within 30 Days ==========

[2014.12.18 11:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014.12.16 21:15:48 | 000,590,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AutoUpdate.exe
[2014.12.16 21:15:48 | 000,467,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe
[2014.12.11 16:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\20994868-695e-4566-b983-89b246577b14
[2014.12.11 16:34:41 | 000,000,000 | ---D | C] -- C:\Users\JonAre\AppData\Local\globalUpdate
[2014.12.11 16:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014.12.11 16:34:10 | 000,000,000 | ---D | C] -- C:\Users\JonAre\AppData\Roaming\TornTV.com
[2014.12.10 19:49:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014.12.10 11:54:05 | 001,519,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2014.12.10 11:54:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vsstrace.dll
[2014.12.10 10:43:57 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.12.10 10:43:57 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.12.10 10:43:57 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.12.10 10:43:57 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2014.12.10 10:43:57 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014.12.10 10:43:57 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014.12.10 10:43:57 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.12.10 10:43:57 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014.12.10 10:43:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014.12.10 10:43:56 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.12.10 10:43:56 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.12.10 10:43:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.12.10 10:43:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.12.10 10:43:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.12.10 10:43:56 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.12.10 10:43:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.12.10 10:43:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.12.10 10:43:56 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2014.12.10 10:43:56 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.12.10 10:43:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2014.12.10 10:43:56 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.12.10 10:43:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.12.10 10:43:55 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014.12.10 10:43:51 | 001,083,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.12.10 10:43:51 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014.12.10 10:43:51 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014.12.10 10:43:51 | 000,412,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014.12.10 10:43:51 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014.12.10 10:43:51 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.12.10 10:43:51 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014.12.10 10:43:34 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014.11.25 17:58:24 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2014.11.25 17:58:24 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2014.11.25 17:58:24 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2014.11.25 17:58:24 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2014.11.25 17:58:10 | 000,038,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014.11.25 17:58:10 | 000,032,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014.11.25 17:57:24 | 000,615,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014.11.25 17:56:33 | 031,893,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014.11.25 17:56:33 | 024,557,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014.11.25 17:56:33 | 019,966,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014.11.25 17:56:33 | 018,514,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014.11.25 17:56:33 | 014,032,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014.11.25 17:56:33 | 013,944,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014.11.25 17:56:33 | 011,397,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014.11.25 17:56:33 | 011,336,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014.11.25 17:56:33 | 004,292,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014.11.25 17:56:33 | 004,011,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014.11.25 17:56:33 | 001,876,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434475.dll
[2014.11.25 17:56:33 | 001,540,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434475.dll
[2014.11.25 17:56:33 | 000,964,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014.11.25 17:56:33 | 000,935,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014.11.25 17:56:33 | 000,923,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014.11.25 17:56:33 | 000,900,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014.11.25 17:56:33 | 000,500,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014.11.25 17:56:33 | 000,418,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014.11.25 17:56:33 | 000,393,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014.11.25 17:56:33 | 000,348,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014.11.25 17:56:32 | 020,922,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014.11.25 17:56:32 | 017,259,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014.11.25 17:56:32 | 002,874,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014.11.25 17:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014.11.25 17:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014.11.25 17:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014.11.25 17:50:49 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmpeg2srcsnk.dll
[2014.11.25 17:50:49 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2014.11.25 17:50:49 | 000,513,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmpeg2srcsnk.dll

========== Files - Modified Within 30 Days ==========

[2014.12.18 14:28:57 | 002,619,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.12.18 14:28:57 | 000,730,544 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2014.12.18 14:28:57 | 000,718,298 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.12.18 14:28:57 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.12.18 14:28:57 | 000,174,018 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2014.12.18 14:28:57 | 000,147,876 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.12.18 14:28:57 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.12.18 14:23:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.12.18 14:23:21 | 000,000,074 | ---- | M] () -- C:\Users\JonAre\AppData\Roaming\sp_data.sys
[2014.12.18 14:21:51 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.12.18 14:21:50 | 000,001,356 | ---- | M] () -- C:\Windows\tasks\LIGY.job
[2014.12.18 14:21:50 | 000,001,352 | ---- | M] () -- C:\Windows\tasks\FG.job
[2014.12.18 14:21:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_0414c_rmv.job
[2014.12.18 14:21:50 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_0414c_rel.job
[2014.12.18 14:21:39 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014.12.18 14:21:39 | 2534,653,951 | -HS- | M] () -- C:\hiberfil.sys
[2014.12.18 14:20:06 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014.12.18 10:48:55 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.12.17 15:57:55 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.12.13 23:44:47 | 000,003,514 | ---- | M] () -- C:\Users\JonAre\Documents\STIL.ods
[2014.12.11 23:36:00 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.12.10 23:49:10 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.12.09 08:12:44 | 000,590,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AutoUpdate.exe
[2014.12.09 08:12:44 | 000,467,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe
[2014.12.05 02:41:41 | 000,740,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014.12.05 02:41:22 | 000,396,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014.12.05 02:41:01 | 000,830,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014.12.05 02:40:59 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.12.03 02:48:02 | 000,412,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014.12.03 02:48:01 | 001,083,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.12.03 02:48:01 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014.11.29 18:42:01 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014.11.29 18:42:01 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.11.29 18:36:23 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014.11.26 23:33:35 | 000,010,740 | ---- | M] () -- C:\Users\JonAre\Documents\Precanceroses.odt
[2014.11.26 22:11:29 | 000,714,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.11.26 22:11:29 | 000,106,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.11.21 09:38:21 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.11.21 09:37:51 | 000,915,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2014.11.21 09:37:51 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2014.11.21 09:36:49 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.11.21 09:36:48 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.11.21 09:36:45 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.11.21 09:36:24 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.11.21 09:36:23 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014.11.21 09:36:17 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014.11.21 09:36:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.11.21 09:36:17 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.11.21 09:36:02 | 000,451,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.11.21 09:36:02 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.11.21 09:35:42 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.11.21 08:17:44 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2014.11.21 08:17:02 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.11.21 08:17:00 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.11.21 08:16:46 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014.11.21 08:16:42 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014.11.21 08:16:42 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.11.21 08:16:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.11.21 08:16:16 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.11.21 06:14:26 | 000,064,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.11.21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.11.21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2014.12.18 11:02:31 | 000,037,624 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014.12.11 16:34:58 | 000,001,352 | ---- | C] () -- C:\Windows\tasks\FG.job
[2014.12.11 16:34:42 | 000,001,356 | ---- | C] () -- C:\Windows\tasks\LIGY.job
[2014.12.08 19:26:33 | 000,003,514 | ---- | C] () -- C:\Users\JonAre\Documents\STIL.ods
[2014.11.26 23:33:34 | 000,010,740 | ---- | C] () -- C:\Users\JonAre\Documents\Precanceroses.odt
[2014.09.01 09:18:44 | 000,002,086 | ---- | C] () -- C:\Users\JonAre\AppData\Roaming\FG
[2014.09.01 09:18:44 | 000,001,248 | ---- | C] () -- C:\Users\JonAre\AppData\Roaming\LIGY
[2014.07.23 22:30:14 | 000,000,017 | ---- | C] () -- C:\Users\JonAre\AppData\Local\resmon.resmoncfg
[2014.07.21 18:46:05 | 000,036,864 | ---- | C] () -- C:\Windows\runSW.exe
[2014.07.21 18:46:02 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2014.04.10 19:52:56 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.04.10 19:52:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.04.10 19:52:53 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2014.04.01 18:53:58 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014.04.01 16:32:58 | 000,000,074 | ---- | C] () -- C:\Users\JonAre\AppData\Roaming\sp_data.sys
[2013.11.15 12:43:36 | 000,172,097 | ---- | C] () -- C:\Windows\SysWow64\NoMSGuninstall.exe
[2013.11.15 12:43:36 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\UMonit64.exe
[2013.11.15 12:43:36 | 000,001,519 | ---- | C] () -- C:\Windows\SysWow64\_IconCfg0.ini
[2013.11.15 12:43:36 | 000,000,911 | ---- | C] () -- C:\Windows\SysWow64\ProductName.ini
[2013.11.15 12:43:36 | 000,000,213 | ---- | C] () -- C:\Windows\SysWow64\IconCfg0.ini
[2013.11.15 12:38:37 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013.05.11 18:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2013.05.01 12:15:31 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013.05.01 12:15:31 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2013.05.01 12:15:31 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS

========== ZeroAccess Check ==========

[2014.04.01 20:49:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.10.11 08:44:56 | 019,764,736 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.10.11 06:57:57 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2014.11.21 08:16:42 | 013,758,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2012.07.26 04:21:04 | 000,087,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msscript.ocx
[2012.07.26 03:44:43 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\stdole2****b

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2014.12.11 23:42:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\20994868-695e-4566-b983-89b246577b14
[2014.06.10 15:34:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip
[2014.12.11 23:42:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2014.10.08 15:18:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2013.11.15 12:47:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS
[2013.11.15 12:47:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS Gaming Mouse
[2014.04.01 18:48:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS Gaming Mouse GX850
[2014.10.21 13:41:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2014.08.27 13:38:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2014.05.27 22:39:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avg Secure Update
[2014.08.26 15:18:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Security Toolbar
[2013.11.15 12:40:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bluetooth Suite
[2014.11.08 01:59:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2013.11.15 12:47:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2014.07.18 19:09:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA Games
[2014.08.05 22:07:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Full Tilt Poker
[2014.12.11 23:42:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\globalUpdate
[2014.04.01 17:18:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2014.09.17 22:42:44 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.11.15 12:37:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2014.12.10 19:49:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2014.10.21 22:59:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2014.07.21 18:46:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jensen
[2014.12.11 23:36:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2013.05.01 12:14:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2014.11.25 17:51:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.05.01 12:16:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013.05.01 12:17:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2014.11.08 01:59:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012.08.02 14:34:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2014.11.25 17:57:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2014.05.06 17:45:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice 4
[2014.08.24 21:08:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars
[2013.11.15 12:38:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2012.08.02 14:34:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2013.11.15 12:38:39 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2014.04.03 16:54:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2013.05.01 12:21:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildGames
[2013.05.01 12:20:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games
[2014.11.13 09:07:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2013.05.01 12:17:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2014.04.02 20:28:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2014.11.08 01:59:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2012.07.26 09:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Multimedia Platform
[2012.07.26 09:12:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2014.04.02 23:16:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2012.07.26 09:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2014.11.08 01:59:20 | 000,000,000 | -HSD | M] -- C:\Program Files (x86)\Windows Sidebar

< MD5 for: EXPLORER.EXE >
[2013.06.01 12:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013.06.01 12:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac3 34d9034c59e1\explorer.exe
[2014.04.18 16:03:10 | 000,191,911 | ---- | M] () MD5=131E820550A26A15B9B84224E57C8F6D -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b508 0a0137b9becc\explorer.exe
[2014.04.15 16:39:20 | 000,221,955 | ---- | M] () MD5=31C05B1CA757660C95E70A371F3C242C -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e 4e770380a4b6\explorer.exe
[2014.04.18 16:03:07 | 000,193,351 | ---- | M] () MD5=3A9A96DCA0DD6B63BF49DE4783B29722 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2 f8c937e166b1\explorer.exe
[2014.04.18 16:03:13 | 000,191,929 | ---- | M] () MD5=43A05523073E13F818F95D77068A7554 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592 a71650d677ed\explorer.exe
[2014.04.18 16:03:16 | 000,190,101 | ---- | M] () MD5=7D5CCD246F2EE32E88C450FEB4D424CA -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591 aa9850d758e4\explorer.exe
[2014.04.15 16:39:25 | 000,217,360 | ---- | M] () MD5=A98E05ED144DA7D17BF376E52217C949 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d 00461c7696e9\explorer.exe
[2014.04.15 16:39:22 | 000,220,310 | ---- | M] () MD5=D216A314D181309FE345D3501A2AA395 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab3 5faf0358fcd1\explorer.exe
[2014.04.15 16:39:23 | 000,220,321 | ---- | M] () MD5=DD45B9AC24F78EF47CB100B336D1D662 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3d fcc41c75b5f2\explorer.exe
[2013.06.01 11:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013.06.01 11:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517 df2b37ad1bdc\explorer.exe

< MD5 for: NETLOGON.DLL >
[2012.07.26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\SysWOW64\netlogon.dll
[2012.07.26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_60d6 08f9f61ee049\netlogon.dll
[2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\SysNative\netlogon.dll
[2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_5681 5ea7c1be1e4e\netlogon.dll

< MD5 for: SERVICES.EXE >
[2014.04.16 19:43:31 | 000,001,252 | ---- | M] () MD5=1D1071BA901E0F14E3CAD7B896F5002F -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea 2e9f571eb2\services.exe
[2013.05.01 20:16:41 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2013.05.01 20:16:41 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d 19863a6591\services.exe
[2014.04.16 19:43:31 | 000,038,189 | ---- | M] () MD5=F0E96A43FCEB234DFBF3EB289186AD89 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26c d38667756c\services.exe

< MD5 for: SVCHOST.EXE >
[2014.04.20 16:27:33 | 000,000,583 | ---- | M] () MD5=1A9199F3A5D2085C74C97842284BDE2A -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de 2dcefa42bec\svchost.exe
[2014.11.21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2013.05.01 20:16:51 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2013.05.01 20:16:51 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a34 5c7d68772cb\svchost.exe
[2014.04.20 16:27:33 | 000,003,208 | ---- | M] () MD5=B66D42F503757CAFCD1869DF1F4CFE20 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666 581d6b482a6\svchost.exe
[2014.04.16 19:45:24 | 000,000,609 | ---- | M] () MD5=E5CD5CC9A7DC4A2BC9D08BD6A4961F6E -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7 e60a8019d22\svchost.exe
[2013.05.01 20:16:41 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2013.05.01 20:16:41 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e 14b8ee4e401\svchost.exe
[2014.04.16 19:45:23 | 000,002,873 | ---- | M] () MD5=FD00A9EBC00076E77B59D387F2B18E22 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e850 1058f11f3dc\svchost.exe

< MD5 for: USERINIT.EXE >
[2012.07.26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012.07.26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2 617a5b742e02\userinit.exe
[2012.07.26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012.07.26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3 c5f6a316bccc\userinit.exe

< MD5 for: WINLOGON.EXE >
[2014.04.17 13:55:47 | 000,001,620 | ---- | M] () MD5=0A2562EDE8EDD782B6FD6BD2198442C3 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c 56c877aac328\winlogon.exe
[2014.05.20 14:52:45 | 000,072,808 | ---- | M] () MD5=4ACDB5DEA26FBAB927F3AF2A7C9D400E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21012_none_c95f d5c6779c8076\winlogon.exe
[2014.11.21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2014.07.14 17:00:48 | 000,072,808 | ---- | M] () MD5=6EBF99ADA8DE904C7924CB28E513E33B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21133_none_c94b 381e77abced6\winlogon.exe
[2014.04.12 10:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\SysNative\winlogon.exe
[2014.04.12 10:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16891_none_c87e e12f5ec0739b\winlogon.exe
[2014.04.12 10:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17014_none_c8d8 3b755e7d1081\winlogon.exe
[2014.04.12 10:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17127_none_c8d0 6e4d5e82759e\winlogon.exe
[2014.04.12 10:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17150_none_c8a8 fc835ea11810\winlogon.exe
[2014.04.12 10:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17172_none_c895 5d3f5eaf82a0\winlogon.exe
[2014.04.17 13:55:46 | 000,053,884 | ---- | M] () MD5=7C900A9A2DD902D2995B950F3B381437 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c954 25d677a55b32\winlogon.exe
[2014.04.17 13:55:46 | 000,053,876 | ---- | M] () MD5=9495FFC23557A210572A647062C9FA04 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c9 88c15e88a211\winlogon.exe
[2014.05.20 14:52:44 | 000,082,423 | ---- | M] () MD5=9B225ADA6885216230DE8C08CD508E96 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1 b9b35e8e0a07\winlogon.exe
[2014.11.17 13:40:05 | 000,072,808 | ---- | M] () MD5=CB4F69B45F3D2D60B9FEFBB7C4EE66CF -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21243_none_c940 6a1877b3e7ee\winlogon.exe
[2014.11.27 20:00:17 | 000,072,808 | ---- | M] () MD5=DC0C2868408409C3E3907B889A21887B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21290_none_c907 599e77df279e\winlogon.exe
[2014.04.17 13:55:45 | 000,053,889 | ---- | M] () MD5=DFC17716A9B72DC8FD0F059A6C1BB070 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88c a87b5eb5b1ec\winlogon.exe
[2014.11.17 13:40:06 | 000,072,808 | ---- | M] () MD5=FCE777D365327A07AB623E1D965F74E0 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21269_none_c930 cbfc77beb7da\winlogon.exe

< hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2014.12.06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2014.12.06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2014.12.06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2014.12.06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014.11.21 10:48:56 | 000,775,312 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014.11.21 10:48:56 | 000,775,312 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014.12.06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2014.12.06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2014.12.06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2014.12.06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014.11.21 09:38:21 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014.11.21 09:38:21 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014.11.21 09:38:21 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014.11.21 10:48:56 | 000,775,312 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2014.11.21 10:48:56 | 000,775,312 | ---- | M] (Microsoft Corporation)

< hkcu\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< hklm\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >

< End of report >
CMD window randomly apperaring Quote
12-18-2014 , 09:52 AM
OTL Extras logfile created on: 18.12.2014 14:38:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JonAre\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17183)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

7,95 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 76,20% Memory free
15,70 Gb Paging File | 13,84 Gb Available in Paging File | 88,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 94,95 Gb Total Space | 28,18 Gb Free Space | 29,68% Space Free | Partition Type: NTFS
Drive D: | 349,32 Gb Total Space | 250,94 Gb Free Space | 71,84% Space Free | Partition Type: NTFS
Drive E: | 349,32 Gb Total Space | 349,18 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive F: | 121,97 Gb Total Space | 90,36 Gb Free Space | 74,08% Space Free | Partition Type: NTFS

Computer Name: GOTHMOGH | User Name: JonAre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{04C45AAF-E33B-4FE9-8CFF-D1C56E656518}" = lport=138 | protocol=17 | dir=in | app=system |
"{11711987-6E4E-45D7-932B-AF112790A5EA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{12113892-3359-452A-BB56-B82022ECA5D7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12CD44FA-AF3F-4707-9447-DB0747C4407B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{13B85C84-D12B-4AA0-A709-8E69D21DB95C}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{18229010-601A-49B7-8DAE-0F9842D3669B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C76D4EE-32D3-4F4B-9687-7106BA16BBA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{41AF77D5-1E84-4728-AAD9-A43FB79CC358}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{50E07B7D-0745-4178-9EB3-C5BD9E936C24}" = lport=139 | protocol=6 | dir=in | app=system |
"{5856CB00-0242-40D6-B3EF-AE01B52B4429}" = rport=10243 | protocol=6 | dir=out | app=system |
"{66A12FE1-5C85-4C01-A378-4E77385AF052}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{78B15777-FC5D-4F13-A8F9-E6CE3189B8F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B0C4944-EDF7-40B6-8EC3-6DEB9BA90739}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{97D81BFA-6D29-4055-A30E-941910FC036A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{99FECAB6-C088-4E21-9639-8330D030D3B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9DF568BF-1BE4-40F8-B58A-90F91C8AEB20}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A42266D9-3F24-4B0D-8B4F-4CB6B5FD5643}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{B2F8AADE-5482-4E7A-8FA8-95A43038DD69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B58AEDAD-D864-4CE9-AD76-A0CF84CB179D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B83D5624-019E-4F71-A0F0-5C2218AC6FB9}" = rport=139 | protocol=6 | dir=out | app=system |
"{BB6DAAAE-6D2C-4094-BF48-BF0CC6736EB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF28B146-479A-43BE-8DC0-7DD5B7B7CF00}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CB1E750C-6F70-4E18-9D62-05A00EC41CF6}" = lport=445 | protocol=6 | dir=in | app=system |
"{CE64DFE8-1CC8-4619-A6C7-5118F59F8E6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1299268-BDFE-45AB-A507-011381C40977}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9FDE7C5-91CF-4946-B79E-C7E264DA859C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DE2CF073-049A-422E-AC4B-B2339678C879}" = lport=137 | protocol=17 | dir=in | app=system |
"{E2A65675-18BC-406F-AF8F-91323F47B5CE}" = rport=445 | protocol=6 | dir=out | app=system |
"{E6C799BF-FE22-4A6E-B579-522AB8DA9A49}" = rport=137 | protocol=17 | dir=out | app=system |
"{E8D63465-6FA8-4D40-92A2-E46626D0DA37}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{EE41E295-68D9-403C-96B3-4169F8237646}" = rport=138 | protocol=17 | dir=out | app=system |
"{F1B8A266-35B0-4307-8EC7-B1389776AC5D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{010AB3E2-93E7-47B8-9782-2AA9FC598105}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{01FDE311-AB04-4E7C-80AF-FF6B5C80A489}" = dir=in | name=skype |
"{0353FB9F-7BD0-4D38-80CA-B3203E5F306A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{05327F12-E002-4AAF-B2DB-2DD4AC00921E}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38 zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{076FE4F0-9326-45D5-8213-264F6CAB9EE3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0C989B4C-EFD5-4D94-8EEF-3184FA08632D}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{0CA88D62-034D-4ACA-93CB-712043C50DB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0EC6B416-D155-4B9D-BDD9-F824BBCC255C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0F4D2EF4-99D2-4806-8D75-BAC6E22C8E0D}" = dir=in | name=music maker jam |
"{101F5183-ADDA-43EB-B362-72E28E2CC124}" = protocol=17 | dir=in | app=c:\program files (x86)\full tilt poker\fulltiltpoker.exe |
"{1199DB07-92D5-4B4A-8690-5B089C654744}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__ 8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{1704EFC3-C5CF-4FF6-B729-97886F0B1F92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19F10201-9F34-4A96-AC0F-5333F0F47ABB}" = dir=out | name=music maker jam |
"{1B19B0E7-B91A-4D9F-86AE-A3E050783040}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{202081E1-BD5F-457D-973F-B8CB604E09DF}" = dir=in | name=hp printer control |
"{20292026-7F64-4900-96A1-ACCD08BE8B00}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{239B7BEE-3337-46C0-A398-099F3C00B899}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{24E917BC-1688-43AF-86D7-34F0F125ECEC}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\skyrim\skyrimlaunche r.exe |
"{26C63131-B7CF-454A-AC18-697D30768E39}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__ 8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{2B11998D-2210-4F1C-A9B1-3733521451CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C24D785-CE5F-4940-B46E-73B870B9B6B3}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.11 19.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2EC758B1-CFA2-4020-8A7E-8D1804BA80A4}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb 3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{2FDC9401-CF00-458A-9C83-1D7437744B2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30349EC8-3DE3-4959-B045-C9DE21EB49EE}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{35025C5C-CDE6-47B8-B819-170D669263BF}" = protocol=17 | dir=in | app=f:\steam\bin\steamwebhelper.exe |
"{376341FB-91BC-477E-A65A-456F6D798B86}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4396.311_x 64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{3A9F07A7-16EE-40CC-BCE8-E5C56233011C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C0C4642-EF1C-4669-A94A-A928B5B32354}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{3C8E1966-3DE5-4DB7-8CA4-E1EB116EB1B8}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{3CC9ADA0-8426-4086-BDEA-7F0BCDEA8E54}" = dir=out | name=- games app - |
"{3D50268E-9596-4E59-891B-6DA755853664}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{4012CB81-7496-4FA8-BBE9-E6C442A8241D}" = dir=out | name=@{microsoft.zunevideo_1.5.902.0_x64__8wekyb3d 8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{46CB8C0E-0F2D-4871-9F52-4046D85A7A0B}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\football manager 2015 editor\editor.exe |
"{46F9F528-FA72-4D7A-8F22-063B653DFD8E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{4B8190CF-926B-4C17-B8C0-366ECDD9237A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{4E286C8A-12CD-40F7-89BC-DCC01BCF18E4}" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{4FA8A1C2-A14E-43CB-AEF4-0744887FB3E4}" = dir=out | name=skype |
"{59730CD4-BD46-4B02-87D2-F3C103629855}" = dir=in | name=@{magix.musicmakerjam_2.1.1025.0_x64__a2t3txk z9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{59B2B4AD-E7AB-4340-8B4F-258EB93BA9CB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{5D16C36E-7AC9-4CBD-953C-1005B2FE2C8C}" = dir=out | name=hp printer control |
"{5E28930D-0A9F-44BD-99D9-44E485C1CA5B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{5F727C84-EBC5-4B2C-AA72-D2A85E6C9463}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1 h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{67299EC6-B804-4A72-A6BD-0279FB258E8C}" = protocol=6 | dir=in | app=c:\users\jonare\appdata\roaming\utorrent\utorr ent.exe |
"{67A0EFA7-FD8F-4D20-A782-FAB9D78E4A34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6865D5B2-EAF1-448C-A807-7719D21C7161}" = dir=out | name=- games app - |
"{6C8F34C7-0309-470F-BD61-0426701DEEC3}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wek yb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{6CE93948-4BA0-4064-B920-942A60E16C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F00DBDB-4412-4645-8C6C-C5B6AAAB83B1}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d 8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{73AF9C8A-2A03-43D3-B94B-D39982545DF0}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb 3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{78F8E8DA-219B-4E22-ABF2-C97CF02440A3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{7919DA50-4926-4974-B91E-4DA8AB003B2A}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{7A00E568-7E68-4094-B9AE-DA47FA8A29F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7A40ECDB-7788-4521-A5FA-F30A834F1BA2}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb 3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{7A67DBBD-3C40-4086-8EBF-486A984A6433}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{7C02343D-ED91-4120-AE3F-21DEBA4B8929}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x 64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{7D78DAAA-4A7A-48E1-A1BC-D78C4216F9DF}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8weky b3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{7EC49B54-1127-4D96-A731-D827BAFBD008}" = protocol=6 | dir=out | app=system |
"{7F215D28-2484-4695-BF25-8C7AAB2B73FF}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\football manager 2015 editor\editor.exe |
"{8026802A-64E9-4C4E-8843-794A64FE4F56}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.11 19.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{80493785-0916-4143-8B1E-4A6D4EA10F3A}" = dir=out | name=@{microsoft.windowsphotos_16.4.4396.311_x64__ 8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{845BBBB1-D299-425D-8ED4-17C3860747DE}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38 zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{84BCA936-61E0-4643-9185-5344B1F60D56}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{86A69F0B-1E55-469A-B140-8D58ED141D1F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.11 19.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{86D84D74-6E2E-40E0-9F66-50076F5EF9EF}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d 8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{8A11B703-C4DA-4109-93D9-DC15B1E10C75}" = protocol=17 | dir=in | app=c:\users\jonare\appdata\roaming\utorrent\utorr ent.exe |
"{8C263725-0905-4F00-B0D4-9EFFCA6A6A1D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9194B68D-64F9-4D65-9BE4-C1EC2B6E8E5B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\football manager 2015\fm.exe |
"{92DC37E9-F24B-444A-ACE6-EDC2D84D9182}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{957B328F-5292-4166-A157-E018795C689C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{9C3F7B0F-BB53-4FB7-9C32-B13358BC26A6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{9D61ADE3-F90E-44D8-A36E-9831486C35A0}" = dir=out | name=fresh paint |
"{A1C40A5F-EA15-45E4-8BAB-F4EFA4B74681}" = dir=out | name=windows_ie_ac_001 |
"{A59A7930-B5A0-4882-8A31-B802EDAD99CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5EFCBD4-81F1-4DB3-905E-77D0C127BC77}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3 d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{A64B7712-E479-48FB-9AE5-60F4B0E9DEC2}" = dir=in | name=@{microsoft.windowsphotos_16.4.4396.311_x64__ 8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{A8EA4FB6-63F8-4141-A3CE-FF2A3ADBA8AB}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{AC2D777F-26FD-4877-AA21-D1F98C832867}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8weky b3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{AE443C71-1928-4453-8D4B-BC95BB0B59D0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{AED7D60C-9C6B-4349-B114-90C3F2D4C986}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF702977-4330-41DC-B7EB-971528C7BDD5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B00819B3-B10B-4D59-864A-28469F1A3AA6}" = protocol=17 | dir=in | app=c:\users\jonare\downloads\utorrent.exe |
"{B0C529CE-54C4-4B1B-B779-373C3A762C8C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B21141DF-EE5E-43A5-B239-56F895F214BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{B72EF6A5-4DCD-4329-A2B5-DD742F8E7FDD}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d 8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{B8511E29-AE26-4005-A0A1-CD2ACB2DAE7B}" = protocol=6 | dir=in | app=c:\program files (x86)\full tilt poker\fulltiltpoker.exe |
"{B907C972-3180-4A22-B1FA-F6D0301FC633}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{BD471F91-4FC6-41C1-8B9A-7235713D8BC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C0A17086-3A28-405A-B44B-94CA51D8A7D9}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb 3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C6366212-1FFE-4401-8832-F77E8230694A}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.11 19.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C7133392-FBC1-4B0E-9385-6E94F6A649D2}" = protocol=6 | dir=in | app=f:\steam\bin\steamwebhelper.exe |
"{CBF33D45-4941-4200-ACC4-9EA606E2905A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CF186EE4-5254-4E8E-A04C-70B52A843F18}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1 h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{D53923E8-4EEC-413B-BA71-E9A576AF2D1A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D855118C-20F7-4FDA-B0FA-EB0447D38AA9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D9504AE8-3DF6-433F-B1FC-8DCD80B97459}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8 bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{DB52EFC6-C990-4FEA-A16B-7157AD47B4A4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1 h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E03FB2B6-9578-4B91-9FAA-9FE367EBF543}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{E2692876-85E7-455E-9CB7-B5133E50A8C5}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{E4B0F01A-7262-4329-B6E4-7D4CCAD91CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{E4D47769-BCC0-465F-96D0-D06D635AC84E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6F6EC1B-2C83-4562-B7B7-9F78043692B1}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\skyrim\skyrimlaunche r.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA9E0A50-A4F5-4E51-83A1-872114B51CF7}" = protocol=6 | dir=in | app=c:\users\jonare\downloads\utorrent.exe |
"{EC8AEC85-21C7-4EBE-AEDB-BB1292860AAB}" = dir=out | name=@{magix.musicmakerjam_2.1.1025.0_x64__a2t3txk z9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{EE226A1C-C70F-444D-B25A-E3056B6973E5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{EFC6B8BA-DB42-4C22-A08E-673C5D7D3A0C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1701AA9-A17B-444E-9645-26596B7730E3}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1 h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{F206F7C2-7EAC-42FA-8FFE-B83936933B7B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F902DDF5-157B-4E7D-A85F-E81533FDF632}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\football manager 2015\fm.exe |
"{FDC2B8B6-2C96-4DA4-946A-03D3BF968ACC}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb 3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"TCP Query User{59283FAB-A413-414F-9792-3B8443686271}F:\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"TCP Query User{7675F17F-F03D-4F2B-99DA-7AE409A309C2}C:\users\jonare\appdata\roaming\tornt v.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\users\jonare\appdata\roaming\torntv.com\tor ntv downloader.exe |
"UDP Query User{C54CC3FE-DE78-4408-AD86-6F74798A6721}F:\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"UDP Query User{E85A1B41-1BA3-4165-BF48-A3AC09EDD103}C:\users\jonare\appdata\roaming\tornt v.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\users\jonare\appdata\roaming\torntv.com\tor ntv downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{05219CB5-AB72-4162-83D4-C5D5A758365B}" = Qualcomm Atheros Bandwidth Control Filter Driver
"{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}" = ASUS Screen Saver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4071D9CC-F259-4243-85CD-60DEE1D1260C}" = AVG 2015
"{41357956-5B67-489C-9F7D-FABACC2CD3CB}" = AVG 2015
"{4282DDE4-2096-4166-9ECB-EB2B39202444}" = Qualcomm Atheros Killer Wireless-N Drivers
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 344.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.13.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.32.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.26
"{B42E4545-2F62-45AB-9B28-E255454CB425}" = Qualcomm Atheros Network Manager
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_ x64__8wekyb3d8bbwe (x64)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"AVG" = AVG 2015
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 11.5.9.1_WHQL
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"O365HomePremRetail - nb-no" = Microsoft Office 365 - nb-no
"WinRAR archiver" = WinRAR 5.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common
"{1B23161E-7667-4EC8-ADE1-CCE45A0209D7}" = ASUS ROG Gaming Mouse GX850
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{28B88897-774A-4005-BBFF-663B1F8EAA5A}" = OpenOffice 4.1.0
"{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}" = Movie Maker
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B9E171F-A955-4834-B877-447C0A437260}" = ASUS ROG Gaming Mouse
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{56232E3D-7EA9-45E0-A371-26CD80510AF7}" = Windows Live UX Platform Language Pack
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}" = Galeria fotografii
"{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}" = Windows Live Essentials
"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack
"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0414-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}" = Fotogaléria
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}" = Movie Maker
"{A035950F-15BA-41C0-9D8F-165FC0536012}" = Movie Maker
"{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}" = Fotogalerie
"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker
"{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}" = Podstawowe programy Windows Live
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA82E5EF-70C2-41CB-8432-309078304CBB}" = Photo Common
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1044-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Norsk
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B63CCD1C-A133-4DF8-8306-DA0387231152}" = Jensen Air:Link 500ac
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4D82144-B2D5-4A0E-A470-16F13EBC5BCB}" = Windows Live Essentials
"{C67BC332-A59A-4D40-977F-664F60AB21D8}" = Photo Common
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18F981B-401C-4D90-BC57-D8903564D558}" = Windows Live UX Platform Language Pack
"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár
"{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}" = Qualcomm Atheros Killer Wireless-N Suite
"{EB91007A-0110-42A6-B869-2709955A9B2A}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.20
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Google Chrome" = Google Chrome
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"MyBitCast" = MyBitCast 2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Steam" = Steam
"Steam App 220240" = Far Cry® 3
"Steam App 295270" = Football Manager 2015
"Steam App 295350" = Football Manager 2015 Editor
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"TheTorntvs V10 1.1 +" = TheTorntvs V10 1.1 +
"Uplay" = Uplay
"VLC media player" = VLC media player
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-1137fe53-d992-40ce-a7c1-592d61593a12" = Cut the Rope
"WTA-1aa96af5-7897-4b52-871b-5672bf2a93b1" = Peggle
"WTA-2f1b39cc-83cd-4559-b10f-61626726b133" = Bejeweled 3
"WTA-2f3263a5-c48e-44bb-8641-562ea5476a87" = Azteca
"WTA-6c851d85-eca4-4ecf-853a-81473e512af5" = Tales of Lagoona
"WTA-f7af5d5d-ca08-4f1e-b605-50cc7e4d969d" = Penguins!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31.10.2014 08:16:19 | Computer Name = Gothmogh | Source = Windows Search Service | ID = 3058
Description =

Error - 31.10.2014 08:16:19 | Computer Name = Gothmogh | Source = Windows Search Service | ID = 7010
Description =

Error - 02.11.2014 09:48:53 | Computer Name = Gothmogh | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 04.11.2014 20:05:59 | Computer Name = Gothmogh | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 06.11.2014 19:43:44 | Computer Name = Gothmogh | Source = Application Error | ID = 1000
Description = Faulting application name: editor.exe, version: 15.1.1.46998, time
stamp: 0x545a58fe Faulting module name: editor.exe, version: 15.1.1.46998, time
stamp: 0x545a58fe Exception code: 0xc0000005 Fault offset: 0x006b2143 Faulting process
ID: 0x215e8 Faulting application start time: 0x01cffa19852264ca Faulting application
path: F:\Steam\steamapps\common\Football Manager 2015 Editor\editor.exe Faulting
module path: F:\Steam\steamapps\common\Football Manager 2015 Editor\editor.exe Report
ID: bdfc7c93-660e-11e4-beb7-bcee7b0e272f Faulting package full name: Faulting package-relative
application ID:

Error - 07.11.2014 12:04:11 | Computer Name = Gothmogh | Source = Application Error | ID = 1000
Description = Faulting application name: editor.exe, version: 15.1.1.46998, time
stamp: 0x545a58fe Faulting module name: editor.exe, version: 15.1.1.46998, time
stamp: 0x545a58fe Exception code: 0xc0000005 Fault offset: 0x006b2143 Faulting process
ID: 0x22ffc Faulting application start time: 0x01cffaa28806007c Faulting application
path: F:\Steam\steamapps\common\Football Manager 2015 Editor\editor.exe Faulting
module path: F:\Steam\steamapps\common\Football Manager 2015 Editor\editor.exe Report
ID: b5c24914-6697-11e4-beb7-bcee7b0e272f Faulting package full name: Faulting package-relative
application ID:

Error - 07.11.2014 13:01:14 | Computer Name = Gothmogh | Source = MsiInstaller | ID = 1002
Description =

Error - 07.11.2014 13:01:20 | Computer Name = Gothmogh | Source = MsiInstaller | ID = 1002
Description =

Error - 07.11.2014 13:01:34 | Computer Name = Gothmogh | Source = MsiInstaller | ID = 1002
Description =

Error - 07.11.2014 13:47:52 | Computer Name = Gothmogh | Source = Application Error | ID = 1000
Description = Faulting application name: fm.exe, version: 15.1.1.0, time stamp:
0x545a4917 Faulting module name: fm.exe, version: 15.1.1.0, time stamp: 0x545a4917
Exception
code: 0xc0000005 Fault offset: 0x00eaef86 Faulting process ID: 0x254d4 Faulting application
start time: 0x01cffaa479827607 Faulting application path: F:\Steam\steamapps\common\Football
Manager 2015\fm.exe Faulting module path: F:\Steam\steamapps\common\Football Manager
2015\fm.exe Report ID: 3218b5a5-66a6-11e4-beb7-bcee7b0e272f Faulting package full
name: Faulting package-relative application ID:

[ System Events ]
Error - 03.12.2014 04:35:23 | Computer Name = Gothmogh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RunSwUSB service.

Error - 03.12.2014 20:41:18 | Computer Name = Gothmogh | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 03.12.2014 20:41:47 | Computer Name = Gothmogh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RunSwUSB service.

Error - 03.12.2014 20:42:17 | Computer Name = Gothmogh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RunSwUSB service.

Error - 03.12.2014 20:42:47 | Computer Name = Gothmogh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RunSwUSB service.

Error - 04.12.2014 19:35:17 | Computer Name = Gothmogh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RunSwUSB service.

Error - 04.12.2014 20:13:39 | Computer Name = Gothmogh | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 05.12.2014 11:56:01 | Computer Name = Gothmogh | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:48:24 on ?05.?12.?2014 was unexpected.

Error - 05.12.2014 11:55:52 | Computer Name = Gothmogh | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 05.12.2014 11:56:03 | Computer Name = Gothmogh | Source = Service Control Manager | ID = 7003
Description = The McAfee AP Service service depends on the following service: mfevtp.
This service might not be installed.


< End of report >
CMD window randomly apperaring Quote
12-18-2014 , 09:33 PM
I noticed the exact same thing twice in the last two days. A few seconds after I first noticed it, a new driver became available in the taskbar for my nvidia geforce GPU. I figured that was the cause. Then the command window appeared and instantly disappeared the next day as well which I didn't understand. I have a really hard time believing it's an infection though.
CMD window randomly apperaring Quote
12-19-2014 , 01:32 PM
Quote:
[2014.12.11 16:34:58 | 000,001,352 | ---- | C] () -- C:\Windows\tasks\FG.job
[2014.12.11 16:34:42 | 000,001,356 | ---- | C] () -- C:\Windows\tasks\LIGY.job
I think what you see is caused by this. Two scheduled tasks that are relatively new.

I'm going to bet a decent amount that these scheduled tasks run these files:

Quote:
Originally Posted by Misfitsbeevers
C:\Windows\runSW.exe
C:\Windows\SwUSB.exe
I'd recommend you to look at the list of scheduled tasks on your computer (how that must be done, you may find out yourself - I'm no expert in WIN8 and do not wish to become one), find these two and look what executable is performed and how many times per day.

Go to virustotal.com and submit both files for analysis, post the resulting log URL's back here.
CMD window randomly apperaring Quote
12-19-2014 , 06:41 PM
I've found the files. I "don't have permission" to upload them to virustotal.com.

On task manager both run
-only when user is logged on
-with highest privileges
-triggers: at log on of any user, and, at 16:34 every day - After triggered, repeat every 07:53:00 for a duration of 1 day.
CMD window randomly apperaring Quote
12-19-2014 , 06:44 PM
Actions:

Start at program: users appdata roaming FG.exe
CMD window randomly apperaring Quote
12-19-2014 , 07:48 PM
Below are results from herdProtect Anti-Malware. I don't know if these are the same version but that probably doesn't matter.

ligy.exe

fg.exe
CMD window randomly apperaring Quote
12-20-2014 , 04:19 AM
Quote:
Originally Posted by Gabethebabe

I'm no expert in WIN8 and do not wish to become one
But win8 is such a good OS!
CMD window randomly apperaring Quote
12-20-2014 , 06:24 AM
Quote:
Originally Posted by Misfitsbeevers
I've found the files. I "don't have permission" to upload them to virustotal.com.
wat

you can't make copies of those files either and upload those?

Quote:
Originally Posted by Misfitsbeevers
Actions:

Start at program: users appdata roaming FG.exe
So find that file and submit it to virustotal.
If it is adware, then proceed to delete the 2 .job files and the exe.


Quote:
Originally Posted by Craggoo
But win8 is such a good OS!
yeah, but last time heard, you have to pay for it
CMD window randomly apperaring Quote
12-20-2014 , 07:07 AM
I'm sure you've been asked this at least once before Gabe but what exactly are you looking for in those logs? When I look at it I see random file paths, hexadecimal, and registry junk... but what do you see?
CMD window randomly apperaring Quote
12-20-2014 , 07:24 AM
As someone who used to help out with HJT logs and the like (but is way too behind the times to look at logs these days) I can give you a partial answer at least. Gabe will no doubt correct me where I'm out of date or indeed wrong.

Primarily you're looking for processes and files that shouldn't be there. Either by filename or CLSID you can look for the hallmarks of various infections, but you should also be looking for apparently legitimate files but with non-standard paths that betray that they're malware. Other than that, everything from browser hijacks to unwanted processes running on startup. Plus, of course, the obvious: installed programs (you might be surprised how much adware people install in the form of toolbars etc). The OTL logs are quite comprehensive so you often also get a sense of what's going on from the lists of recently created and modified files, or of integrations into the Windows shell.

The only hexadecimal in the logs should, I think, be the Windows error codes and the like. Most of the data strings you see are CLSIDs. You can look these up yourself, to a certain degree, as a hint as to whether something's wrong if you have suspicions, but of course that's only the first step to fixing things. Where something like Combofix is needed as the solution, running it without a very detailed understanding of the logs could be terminal for the machine...
CMD window randomly apperaring Quote
12-20-2014 , 07:35 AM
Also, OP:

Don't change anything until you've finished cleaning things up with Gabe, but when you have please consider how you're using your machine. It looks as though you're just running with a full administrator account. If so (i.e. you use this account all the time, not just for running OTL here) then before playing poker or surfing the web or whatever else you're itching to do, read Wellju's thread here, set up a limited rights user account, and be safer in future.

The rest of that thread will probably confirm to you whether the advice from Win 7 still applies in 8; I think it does but you may need additional guidance. If so, this might be a good place to start.
CMD window randomly apperaring Quote
12-20-2014 , 11:41 AM
Quote:
Originally Posted by Craggoo
I'm sure you've been asked this at least once before Gabe but what exactly are you looking for in those logs? When I look at it I see random file paths, hexadecimal, and registry junk... but what do you see?
I see the same
but I have seen hundreds of logs, so I recognize most things and what I do not, I research - for example systemlook.com (and of course, google)
Takes some training - my training lasted 1y. You can start HERE.
CMD window randomly apperaring Quote
12-20-2014 , 06:52 PM
FG.job virustotal link

LIGY.job virustotal link


Copy pasted both to dektop as I could not upload them otherwise. I guess the results doesn't say much. If I just delete them, will that get rid of their potential harmfull actions?

I have to say thank you to all the help I've gotten here btw. I know next to nothing about malware/anti-virus, so I'm very thankfully for the replies.

Thunderbolts,
I used to have a non-administrator user, but my PC had a hardware problem and I exchanged it in a new one half a year ago and was to lazy to set up a separate log in account. Will do it now though!
CMD window randomly apperaring Quote
12-20-2014 , 08:55 PM
A *.job file is just a configuration file for task scheduler. You need to upload the file that the *.job file points to in the Task Scheduler properties under "Actions". In your case this would probably be fg.exe and ligy.exe.

Task Scheduler Overview
CMD window randomly apperaring Quote
12-21-2014 , 03:19 PM
Ahem, yes, submitting the .job files will not do much

The fg.exe and the ligy.exe, although I can't imagine them ever be legit

Also still interested to know where these come from
C:\Windows\runSW.exe
C:\Windows\SwUSB.exe
CMD window randomly apperaring Quote
12-21-2014 , 05:11 PM
Internet suggests they might be Realtek files.

TornTV looks shady at first glance though.
CMD window randomly apperaring Quote

      
m