cannot remove proxy settings


  • This topic is locked
22 replies to this topic

#1 meister99

meister99

  • Members
  • 28 posts

Posted 24 November 2014 - 09:14 PM

Hi, and thanks for your time and help in advance.

I have a Windows 8.1 laptop whose proxy settings keep reverting back to 127.0.0.1:49245 no matter how many times I changed it. I'm not even sure what triggers it; I turn the proxy off, browse a few minutes and suddenly the proxy's changed again. I haven't tried many things, only running FRST64 with the fixlist I found here: www.bleepingcomputer.com/forums/t/548709/cannot-remove-proxy-settings-1270015050/. That fixlist fixed the other CCSwells problems so I tried it. My laptop runs a little faster now, but the proxy setting still keeps changing to 127.0.0.1:49245.

 

 

Here's the fixlog from that fix:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by Gede A at 2014-11-25 08:53:31 Run:1
Running from C:\Users\GEDE ANANDA\Downloads\Programs
Loaded Profiles: Gede A & MSSQLSERVER (Available profiles: Gede A & MSSQLSERVER)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
2014-09-05 19:51 - 2014-09-05 19:51 - 00003112 _____ () C:\windows\System32\Tasks\{96CBC025-013E-43F7-A951-125A203C6B55}
C:\Program Files (x86)\Common Files\Diagnostics
REG: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
REG: reg delete "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reboot:
*****************
 
Processes closed successfully.
"C:\windows\System32\Tasks\{96CBC025-013E-43F7-A951-125A203C6B55}" => File/Directory not found.
"C:\Program Files (x86)\Common Files\Diagnostics" => File/Directory not found.
 
========= reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
*EDIT* Internet seems to be running fine right now although the proxy is still changed to 127.0.0.1:49245

Edited by meister99, 24 November 2014 - 09:32 PM.




#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 25 November 2014 - 11:17 AM

======Zoek.exe======

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Download zoek.exe to your desktop
  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.
Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    standardsearch;
    torpigcheck;
    installedprogs;
    uninstall-list;
    srinfo;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 meister99

meister99
  • Topic Starter

  • Members
  • 28 posts

Posted 25 November 2014 - 08:05 PM

Hi, 

 

I ran the zoek and here's the content of the log

 

 
Zoek.exe v5.0.0.0 Updated 25-11-2014
Tool run by Gede A on Wed 11/26/2014 at  7:45:49.53.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\GEDE ANANDA\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
11/26/2014 7:50:32 AM Zoek.exe System Restore Point Created Succesfully.
 
==== Torpig Check ======================
 
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Ath_CopyHook {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} C:\Program Files (x86)\Bluetooth Suite\FolderViewImpl.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll 
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll 
 
 
==== Installed Programs ======================
 
"RocketTab"  
7-Zip 9.20  
Absolute Reminder  
ACE COMBATT ASSAULT HORIZON Enhanced Edition  
Adobe Flash Player 15 Plugin  
Adobe Photoshop CS5  
Adobe Photoshop Elements 11  
Adobe Reader X (10.1.3) MUI  
AHA Dialer  
AMD Accelerated Video Transcoding  
AMD APP SDK Runtime  
AMD Catalyst Control Center  
AMD Catalyst Install Manager  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Battlelog Web Plugins  
Bitcasa version 0.9.20.4135  
BitTorrent  
Bonjour  
Catalyst Control Center - Branding  
Catalyst Control Center InstallProxy  
Catalyst Control Center Localization All  
ccc-utility64  
CCC Help Chinese Standard  
CCC Help Chinese Traditional  
CCC Help Czech  
CCC Help Danish  
CCC Help Dutch  
CCC Help English  
CCC Help Finnish  
CCC Help French  
CCC Help German  
CCC Help Greek  
CCC Help Hungarian  
CCC Help Italian  
CCC Help Japanese  
CCC Help Korean  
CCC Help Norwegian  
CCC Help Polish  
CCC Help Portuguese  
CCC Help Russian  
CCC Help Spanish  
CCC Help Swedish  
CCC Help Thai  
CCC Help Turkish  
CodeBlocks  
CS-Source.v80  
CyberLink PowerDVD 10  
D3DX10  
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition  
E-POP  
Easy File Share  
Elements 11 Organizer  
esia max-d MC400  
ESN Sonar  
ETDWare X64 11.7.8.5_WHQL  
Evolve  
ExpressCache  
Fallout 3  
Fallout: New Vegas  
Fast Flash Sleep Resume  
Garena Plus  
Google Chrome  
Grand Theft Auto IV  
Grand Theft Auto: Episodes from Liberty City  
GTA IV Vehicle Mod Installer v1.5  
GTA San Andreas  
Help Desk  
Horizon v2.7.0.0  
ImgBurn  
Intel AppUp(SM) center  
Intel® Management Engine Components  
Intel® Processor Graphics  
Intel® Rapid Start Technology  
Intel® Rapid Storage Technology  
Intel® SDK for OpenCL - CPU Only Runtime Package  
Intel® Update Manager  
Intelr Trusted Connect Service Client  
Internet Download Manager  
iTunes  
Java 7 Update 55  
Java Auto Updater  
K-Lite Codec Pack 9.7.5 (Full)  
Kaspersky Internet Security 2013  
LAME v3.99.3 (for Windows)  
Left 4 Dead 2 Standalone PatchT  
LINE  
LogMeIn Hamachi  
Microsoft .NET Framework 4 Multi-Targeting Pack  
Microsoft Application Error Reporting  
Microsoft Chart Controls for Microsoft .NET Framework 3.5  
Microsoft Games for Windows - LIVE Redistributable  
Microsoft Games for Windows Marketplace  
Microsoft Help Viewer 1.0  
Microsoft Office  
Microsoft Office 2003 Web Components  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Access MUI (English) 2007  
Microsoft Office Access Setup Metadata MUI (English) 2007  
Microsoft Office Enterprise 2007  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office Groove MUI (English) 2007  
Microsoft Office Groove Setup Metadata MUI (English) 2007  
Microsoft Office InfoPath MUI (English) 2007  
Microsoft Office Office 64-bit Components 2007  
Microsoft Office Office 64-bit Components 2010  
Microsoft Office OneNote MUI (English) 2007  
Microsoft Office Outlook MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (French) 2010  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing (English) 2010  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Publisher MUI (English) 2007  
Microsoft Office Shared 64-bit MUI (English) 2007  
Microsoft Office Shared 64-bit MUI (English) 2010  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared MUI (English) 2010  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2010  
Microsoft Office Visio 2010  
Microsoft Office Visio MUI (English) 2010  
Microsoft Office Word MUI (English) 2007  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft SQL Server 2008 (64-bit)  
Microsoft SQL Server 2008 Common Files  
Microsoft SQL Server 2008 Database Engine Services  
Microsoft SQL Server 2008 Database Engine Shared  
Microsoft SQL Server 2008 Native Client  
Microsoft SQL Server 2008 R2 Management Objects  
Microsoft SQL Server 2008 RsFx Driver  
Microsoft SQL Server 2008 Setup Support Files   
Microsoft SQL Server 2012  
Microsoft SQL Server 2012 Native Client   
Microsoft SQL Server 2012 RsFx Driver  
Microsoft SQL Server 2012 Setup (English)  
Microsoft SQL Server 2012 Transact-SQL ScriptDom   
Microsoft SQL Server Compact 3.5 SP2 ENU  
Microsoft SQL Server Compact 3.5 SP2 x64 ENU  
Microsoft SQL Server System CLR Types  
Microsoft Visio Premium 2010  
Microsoft Visual Basic 2010 Express - ENU  
Microsoft Visual Basic for Applications 7.1 (x64)  
Microsoft Visual Basic for Applications 7.1 (x64) English  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030  
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU  
Microsoft Visual Studio 2005 Tools for Applications - ENU  
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools  
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU  
Microsoft VSS Writer for SQL Server 2012  
Microsoft WSE 3.0 Runtime  
Minecraft1.7.2  
Movie Maker  
Mozilla Firefox 25.0 (x86 en-US)  
Mozilla Maintenance Service  
MSVCRT  
MSVCRT110  
MSVCRT110_amd64  
MSXML4 Parser  
Norton Online Backup  
Norton Online Backup ARA  
NVIDIA PhysX  
OEM Application Profile  
OpenVPN 2.3.2-I003   
Opera Stable 17.0.1241.45  
PAYDAY 2  
PCSX2 - Playstation 2 Emulator  
Photo Common  
Photo Gallery  
PhotoScape  
Plants vs. Zombies  
PSE11 STI Installer  
PX Profile Update  
Qualcomm Atheros Bluetooth Suite (64)  
Qualcomm Atheros Client Installation Program  
QuickTime  
Rainmeter  
Realtek Ethernet Controller Driver  
Realtek High Definition Audio Driver  
Realtek USB Card Reader  
Recovery  
Rise of Nations  
Rising Storm/Red Orchestra 2 Multiplayer  
S Agent  
SanDiskSecureAccess_Manager.exe  
Security Update for CAPICOM (KB931906)  
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition   
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition  
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition   
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition   
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)  
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition  
Settings  
Shockwave Flash  
SMARTFREN  
SolidWorks 2013 x64 Edition SP02  
SolidWorks eDrawings 2013 x64 Edition SP02  
SolidWorks Flow Simulation 2013 SP02 x64 Edition   
SolidWorks Plastics 2013 SP02 x64 Edition  
SPORET  
SQL Server 2012 Common Files  
SQL Server 2012 Database Engine Services  
SQL Server 2012 Database Engine Shared  
SQL Server Browser for SQL Server 2012  
Sql Server Customer Experience Improvement Program  
SRS Premium Sound  
Steam  
Support Center  
Support Center FAQ  
SW Update  
TAP-Windows 9.9.2  
The SimsT 3  
UltraISO Premium V9.35  
Unity Web Player  
Update for 2007 Microsoft Office System (KB967642)  
Update for Japanese Microsoft IME Postal Code Dictionary  
Update for Japanese Microsoft IME Standard Dictionary  
Update for Japanese Microsoft IME Standard Extended Dictionary  
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition  
Update for Microsoft Office 2007 Help for Common Features (KB963673)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition  
Update for Microsoft Office Access 2007 Help (KB963663)  
Update for Microsoft Office Excel 2007 Help (KB963678)  
Update for Microsoft Office Infopath 2007 Help (KB963662)  
Update for Microsoft Office OneNote 2007 Help (KB963670)  
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 Help (KB963677)  
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition  
Update for Microsoft Office Powerpoint 2007 Help (KB963669)  
Update for Microsoft Office Publisher 2007 Help (KB963667)  
Update for Microsoft Office Script Editor Help (KB963671)  
Update for Microsoft Office Word 2007 Help (KB963665)  
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition  
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition  
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition  
User Guide  
Visual Analyser 2011  
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU  
VLC media player 2.0.8  
Winamp  
Winamp Detector Plug-in  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Installer  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
WinRAR archiver  
YTD Video Downloader 4.8.7  
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\AHA Dialer\OnlineUpdate\ouc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\SMARTFREN\C+WEject.exe
C:\Program Files\esia max-d MC400\C+WEject.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\windows\SysWOW64\innosvcd.exe
C:\windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files (x86)\Search Extensions\Client.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\plugin-nm-server.exe
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\GEDE ANANDA\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\WINDOWS\SysWOW64\cmd.exe
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3978 MB
CPU Info: Intel® Core™ i5-3337U CPU @ 1.80GHz
CPU Speed: 1797.4 MHz
Sound Card: Speakers (Realtek High Definiti | 
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Evolve Virtual Ethernet Adapter | Microsoft Wi-Fi Direct Virtual Adapter | Microsoft Hosted Network Virtual Adapter | TAP-Windows Adapter V9 | Realtek PCIe GBE Family Controller | Qualcomm Atheros AR9485WB-EG Wireless Network Adapter | LogMeIn Hamachi Virtual Ethernet Adapter
CD / DVD Drives: 1x (E: | ) E: EZBSYS  ISO CDVD DRIVE
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  444.9GB
Hard Disks - Free: C:  87.6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE |  | SECCSD - 1072009
Time Zone: SE Asia Standard Time
Motherboard *: SAMSUNG ELECTRONICS CO., LTD. NP530U4E-S01ID
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Kaspersky Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Kaspersky Internet Security disabled
Default Browser: Google Chrome 39.0.2171.65
Internet Explorer Version: 11.0.9600.17126 
Mozilla Firefox version: 25.0 (x86 en-US)
Opera Browser version: 17.0.1241.45
Adobe Reader version: 10.1.3.23
Sun Java version: 1.7.0_55 (32-bit) 
Flash Player version: 15.0.0.223
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
====== C:\Users\GEDEAN~1\AppData\Local\Temp ====
2014-11-26 00:43:43 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite32755.dll
2014-11-26 00:42:12 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite59432.dll
2014-11-25 16:13:08 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite55461.dll
2014-11-25 12:12:31 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite53275.dll
2014-11-25 10:48:23 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite68367.dll
2014-11-25 10:46:15 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite69482.dll
2014-11-25 03:51:49 34A6118F41E66B678AA7A951FBCE7403 208896 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\drm_dyndata_7410004.dll
2014-11-25 01:55:44 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite66414.dll
2014-11-25 01:45:20 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite85352.dll
2014-11-25 01:38:27 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite93553.dll
2014-11-24 16:13:24 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite94697.dll
2014-11-24 15:46:57 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite68221.dll
2014-11-24 15:44:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\GURF426.exe
2014-11-24 15:44:29 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite81821.dll
2014-11-24 07:56:54 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite73883.dll
2014-11-24 06:40:35 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite75939.dll
2014-11-24 06:38:02 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite88799.dll
2014-11-23 16:13:04 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite34774.dll
2014-11-23 14:55:36 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite73352.dll
2014-11-23 12:25:20 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite61258.dll
2014-11-23 12:22:46 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite88539.dll
2014-11-23 01:47:51 6BE4E1A1B95FAD63A01DF9351AA0544F 1035264 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\Epic-0ab0b664-dd28-412b-b150-3418aee06886\Binaries\UnSetup.exe
2014-11-23 01:26:47 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite98841.dll
2014-11-23 01:24:13 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite99135.dll
2014-11-22 16:41:56 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite11521.dll
2014-11-22 16:24:02 F6A34945B5A3B989BB9408E7254DD1D4 274432 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IScrCnv.dll
2014-11-22 16:24:02 F4AC23EBD114C0E665FFAFABC805D278 200704 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\iGdiCnv.dll
2014-11-22 16:24:02 F13DBECAA09ABD8E29C152DFC00F04C9 421888 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\ISRT.dll
2014-11-22 16:24:02 D28B31E1E3D9972CCE01E4DEB0288B31 548963 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\_ISRES1033.dll
2014-11-22 16:24:02 C7628D42F902934203B56426B24611A8 32768 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\objpscnv.dll
2014-11-22 16:24:02 B7E773E07E950E35EEC03E66AC157088 184320 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IUserCnv.dll
2014-11-22 16:24:02 93432F686F0C2B3ABD766CB1ADC95B5B 63488 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\ISBEW64.exe
2014-11-22 16:24:02 86F4A155854BF52631354AB8D63578F9 778240 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IDriver.NonElevated.exe
2014-11-22 16:24:02 1CF03C69B49ACB70C722DF92755C0C8C 69632 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IDriverT.exe
2014-11-22 16:24:01 86F4A155854BF52631354AB8D63578F9 778240 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IDriver2.exe
2014-11-22 16:24:01 86F4A155854BF52631354AB8D63578F9 778240 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\{4f5e3a76-f453-4882-ab42-7224f3310de7}\IDriver.exe
2014-11-22 16:12:42 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite61281.dll
2014-11-22 16:11:25 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\System.Data.SQLite.dll
2014-11-16 03:18:26 D5A933BF291E4648554056EBAE16D73D 17880936 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\line\LineInst.exe
2014-11-15 10:09:47 623C9754952A35B018F2448AF8184075 1030144 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\line\dbghelp.dll
2014-11-15 10:09:47 22D7D367BAB9A9D0497ED7DAF935D11F 182632 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\line\NELO.dll
2014-11-15 10:09:47 0FDD2C65BA1246704F7BE213AD4B4E38 817512 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\line\NELO_CrashReporter.exe
2014-11-15 02:10:30 9273B5502FD784B6D0AD5D183C2E99AB 1104232 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\line\LineUpgrader.exe
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-11-12 16:03:47 BF41DD04598870EA08D306A002EEB9DD 45656 ----a-w- C:\WINDOWS\SysWOW64\perf-MSSQL11.MSSQLSERVER-sqlagtctr.dll
2014-11-12 16:03:23 15440354A273D479AA359F30C5922D35 1092390 ----a-w- C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-11-12 16:03:22 0AA6629F94E3FE8E81100D40D6F7D0E8 82520 ----a-w- C:\WINDOWS\SysWOW64\perf-MSSQLSERVER-sqlctr11.0.2100.60.dll
2014-11-12 16:03:12 3FE6F1234DBE0C5F3A17CA329C1A9641 69208 ----a-w- C:\WINDOWS\SysWOW64\fssres.dll
2014-11-12 16:03:12 1130EF1F3D0F6080ECCAA9DBD4CAB626 147032 ----a-w- C:\WINDOWS\SysWOW64\hadrres.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2014-11-03 11:12:12 186AD2DF9B3323DF4637A5EA65B6F49A 46136 ---ha-w- C:\WINDOWS\Sysnative\drivers\Hamdrv.sys
====== C:\WINDOWS\Tasks ======
2014-11-22 16:11:44 F23A4FB76755B6252B0EE75927A17979 4330 ----a-w- C:\WINDOWS\Sysnative\Tasks\RocketTab Update Task
2014-11-22 16:11:43 54C6866B5BE3993C5CF2A9FFD58B1B70 3544 ----a-w- C:\WINDOWS\Sysnative\Tasks\RocketTab
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-11-23 01:48:27 -------- d-----w- C:\PROGRA~2\Microsoft Chart Controls
2014-11-22 16:11:37 -------- d-----w- C:\PROGRA~2\Search Extensions
======= C: =====
2014-11-26 00:40:51 !HASH: COULD NOT OPEN FILE !!!!! 0 --sha-w- C:\DkHyperbootSync
====== C:\Users\GEDE ANANDA\AppData\Roaming ======
2014-11-22 16:24:01 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft
2014-11-22 16:24:01 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Programs
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-11-22 16:18:50 -------- d-----w- C:\Users\GEDE ANANDA\AppData\Locallow\Apple Computer
2014-11-12 16:03:50 -------- d-s---w- C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft
2014-11-12 16:03:50 -------- d-----w- C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-12 16:03:50 -------- d-----w- C:\Users\MSSQLSERVER\AppData\Local\Temp
2014-11-12 16:03:50 -------- d-----w- C:\Users\MSSQLSERVER\AppData\Local\Microsoft Help
2014-11-12 16:03:50 -------- d-----w- C:\Users\MSSQLSERVER\AppData\Local\Microsoft
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-12 15:53:00 -------- d-----w- C:\Users\GEDE ANANDA\AppData\Local\Microsoft_Corporation
2014-11-06 13:31:51 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\debuggee.mdmp
====== C:\Users\GEDE ANANDA ======
2014-11-22 16:25:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Videos
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Searches
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Saved Games
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Pictures
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\OneDrive
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Music
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Links
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Favorites
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Downloads
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Documents
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Desktop
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Contacts
2014-11-22 16:11:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-11-12 16:03:52 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\MSSQLSERVER\ntuser.ini
2014-11-12 16:03:50 -------- d--h--w- C:\Users\MSSQLSERVER\AppData
2014-11-12 16:03:50 -------- d-----w- C:\Users\MSSQLSERVER\Saved Games
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Videos
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Pictures
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Music
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Links
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Favorites
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Downloads
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Documents
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Desktop
2014-11-12 15:28:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2014-11-04 13:03:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-11-04 13:03:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
 
====== C: exe-files ==
2014-11-23 16:55:45 165EDEED8A0FBE3DCA86D823C4516081 3122248 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\pbsvc_hos.exe
2014-11-22 16:11:54 1D56572E5DE94732396D474D2C410D47 6513664 ----a-w- C:\Program Files (x86)\Search Extensions\uninstall.exe
2014-11-22 16:11:37 ED17F7213E399B1AF6E8665FF054B703 90112 ----a-w- C:\Program Files (x86)\Search Extensions\Resources\certutil.exe
2014-11-22 16:11:37 8F2D4ACDB16F4CB261861BF112393E51 5812224 ----a-w- C:\Program Files (x86)\Search Extensions\Client.exe
2014-11-22 16:11:37 74801B05A239A59B3F3A75DCCD507945 8704 ----a-w- C:\Program Files (x86)\Search Extensions\certmanager.exe
2014-11-22 16:11:37 3DA54BD90C1A4EF9A12270102C047FC5 55632 ----a-w- C:\Program Files (x86)\Search Extensions\makecert.exe
2014-11-22 16:01:40 BAADB793322B108C221B19BD2145ABDF 11458112 ----a-w- C:\ProgramData\YTD Video Downloader\ytd_installer.exe
2014-11-21 00:19:47 DBDC93187B17D055F0B17838C7D264BE 6838864 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.65\39.0.2171.65_38.0.2125.111_chrome_updater.exe
2014-11-19 14:14:50 30AECC75ECBD3618021BD39B56E85664 65304 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\UE3ShaderCompileWorker.exe
2014-11-19 14:14:12 DFF00871CE44C3AC59B341A4F3078532 25015219 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Windows\RO2Redist.exe
2014-11-19 14:14:12 8C232E842691FE0CA472718648873371 696832 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\crashSender1300.exe
2014-11-19 14:14:12 6B932E8EE3EF6EA482B12A114DA7C11E 18161152 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
2014-11-19 14:14:12 165EDEED8A0FBE3DCA86D823C4516081 3122248 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Windows\pbsvc_hos.exe
=== C: other files ==
2014-11-25 17:20:19 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141126002017_21.2.0.0050.zip
2014-11-25 17:10:53 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141126001050_21.2.0.0050.zip
2014-11-25 16:57:13 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141125235711_21.2.0.0050.zip
2014-11-25 16:56:30 60A9503BF8A713575213CFC88F621BD4 2507 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141125235627_21.2.0.0050.zip
2014-11-25 16:40:54 364B013F1CB3B681967C0A65B3A404CF 2833 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141125234051_21.2.0.0050.zip
2014-11-25 15:37:55 6406BD983828ABEE824088D6BD9AB045 1997 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141125223752_21.2.0.0050.zip
2014-11-25 12:12:00 B8B5383C690AD7134E356DACF2F03CF4 2836 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\ara_4.1_all_livetriLBI40AC3.zip
2014-11-25 03:59:01 7F274A2B8FDEB11734267AE8350D180A 1819 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141125105859_21.2.0.0050.zip
2014-11-25 03:58:05 152C576C7D156A6D2006178E70BCE862 5710 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141125105801_21.2.0.0050.zip
2014-11-24 16:19:00 CC298420A1AE6977E6D907A7F83C09BA 80949853 ----a-w- C:\Users\GEDE ANANDA\Downloads\Modul 6\file praktikan\ferdy.zip
2014-11-24 16:18:41 781B77921F4B4B8F7508E602A21DDD65 76877553 ----a-w- C:\Users\GEDE ANANDA\Downloads\Modul 6\file praktikan\Jeffry.zip
2014-11-24 16:18:30 393F775EA34A677B08852AE2B816DA06 33997250 ----a-w- C:\Users\GEDE ANANDA\Downloads\Modul 6\file praktikan\Vivi.zip
2014-11-24 16:07:37 F13419092701C04A8CD674A27390F80D 191272982 ----a-w- C:\Users\GEDE ANANDA\Downloads\Modul 6\file praktikan.zip
2014-11-22 11:57:34 B8B5383C690AD7134E356DACF2F03CF4 2836 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\ara_4.1_all_livetriS02EMMBC.zip
2014-11-20 09:31:02 C16BCC3A8A232191B71BE7B22592FFCB 3113 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141120163059_21.2.0.0050.zip
2014-11-20 05:20:14 2D34AFC7B08AD930F180EF33147BA538 3239 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141120122012_21.2.0.0050.zip
2014-11-19 23:21:00 D58B63A3CF459D35C86B30853A868E4D 12876 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141120062054_21.2.0.0050.zip
2014-11-19 14:14:27 75D9BC139A3DDD20362D6EF4D87C7C84 342 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Windows\CleanINIs.bat
2014-11-19 14:14:18 B75503E24F10F9749D9A7A2D2DF9AB39 205 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\pb\htm\lc002280.htm.zip
2014-11-19 14:14:18 69DE60E017F21062DC78C5198CD48915 205 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\pb\htm\mc002280.htm.zip
2014-11-19 14:14:12 47B3A9B2D2829EC57708CBBD6CE7856D 814351 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\pb\htm\wc002280.htm.zip
2014-11-19 13:57:24 DED5404359D3F8B3495426B1F464906B 2696 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\SolidWorks\CXPA\20141119205721_21.2.0.0050.zip
 
======== System Restore Points ========
 
RP37: 11/8/2014 8:38:37 PM - Scheduled Checkpoint
RP38: 11/19/2014 9:38:06 PM - Scheduled Checkpoint
RP39: 11/22/2014 11:20:20 PM - Installed QuickTime
RP40: 11/26/2014 7:49:32 AM - zoek.exe restore point
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-207111367-423552153-1767806344-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\GEDE ANANDA\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GarenaPlus"="C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe -autolaunch"
"SanDiskSecureAccess_Manager.exe"="C:\Users\GEDE ANANDA\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe"
"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"
"EvolveClient"="C:\Program Files\Echobit\Evolve\EvolveClient.exe -autorun"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\GEDE ANANDA\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GarenaPlus"="C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe -autolaunch"
"SanDiskSecureAccess_Manager.exe"="C:\Users\GEDE ANANDA\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe"
"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"
"EvolveClient"="C:\Program Files\Echobit\Evolve\EvolveClient.exe -autorun"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect "
"RtHDVBg_SRSSA"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SRSSA"
"BtTray"="C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Bitcasa"="C:\Program Files\Bitcasa\Bitcasa.exe /startup"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
 
==== Startup Folders ======================
 
2013-07-03 13:49:12 1266 ----a-w- C:\Users\GEDE ANANDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2014-01-18 09:02:06 1730 ----a-w- C:\Users\GEDE ANANDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
2014-02-06 02:44:59 2753 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-207111367-423552153-1767806344-1001Core.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-207111367-423552153-1767806344-1001UA.job --a-------- [Undetermined Task]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\advRecovery" ["C:\Program Files\Samsung\Recovery\WCScheduler.exe"]
"C:\WINDOWS\SysNative\tasks\FFSRConfigurer" ["C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-207111367-423552153-1767806344-1001Core" [C:\Users\GEDE ANANDA\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-207111367-423552153-1767806344-1001UA" [C:\Users\GEDE ANANDA\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe"]
"C:\WINDOWS\SysNative\tasks\RocketTab" [cmd.exe]
"C:\WINDOWS\SysNative\tasks\RocketTab Update Task" [C:\Program Files (x86)\Search Extensions\uninstall.exe]
"C:\WINDOWS\SysNative\tasks\SAgent" ["%ProgramFiles%\Samsung\S Agent\CommonAgent.exe"]
"C:\WINDOWS\SysNative\tasks\Settings" ["C:\Program Files (x86)\Samsung\Settings\sSettings.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{517157BB-EA78-488D-A996-4C1BCF8DDD4F}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Folders in C:\PROGRA~3 0-6 Months Old ======================
 
2014-09-26 16:45:54 -------- d-----w- C:\PROGRA~3\Intel® Update Manager
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com" [05/23/2014 07:33 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"mozilla_cc@internetdownloadmanager.com"="C:\Users\GEDE ANANDA\AppData\Roaming\IDM\idmmzcc5" [01/20/2014 11:59 AM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\GEDEAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\cp7yiw0f.default
- Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\GEDE ANANDA\AppData\Roaming\Mozilla\Firefox\Profiles\cp7yiw0f.default
4A04CF5A1C5149A39AFC4CB09DA6F7DF - C:\Users\GEDE ANANDA\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx[05/02/2013 05:13 PM]
jmolcgpienlcieaajfkkdamlngancncm - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[02/16/2013 06:00 PM]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx[05/02/2013 05:13 PM]
 
Google Docs - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Missing e - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid
Google Voice Search Hotword (Beta) - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
IDM Integration - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm
Kaspersky Protection - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh
Google Wallet - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
IDM Integration - GEDE ANANDA\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmolcgpienlcieaajfkkdamlngancncm
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{FC93DEAC-7183-4F3E-AB0A-E73517EA197A}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{7694A591-7B5D-4337-9DE0-2EF556344B78} Unknown  Url="Not_Found"
 
==== Uninstall List x64 ======================
 
"RocketTab"  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab]
7-Zip 9.20 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
Absolute Reminder [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40F4FF7A-B214-4453-B973-080B09CED019}]
ACE COMBATT ASSAULT HORIZON Enhanced Edition [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228400]
Adobe Flash Player 15 Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Photoshop CS5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{50B00A1F-CB20-4AAB-A448-66B24B1E83A9}]
Adobe Photoshop Elements 11 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D181764-DCD0-41B8-AA7B-0A599F027A72}]
Adobe Photoshop Elements 11 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop Elements 11]
Adobe Reader X (10.1.3) MUI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}]
AHA Dialer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AHA Dialer]
AMD Accelerated Video Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DC985990-9908-CDA9-36A4-6E5143036819}]
AMD APP SDK Runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{503F672D-6C84-448A-8F8F-4BC35AC83441}]
AMD Catalyst Control Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5EA2099A-0249-1D98-5387-0BEF207D72AA}]
AMD Catalyst Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{77A7CE43-5A1E-8282-931B-E0CC4C075793}]
Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{46F044A5-CE8B-4196-984E-5BD6525E361D}]
Apple Mobile Device Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}]
Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}]
Battlelog Web Plugins [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Battlelog Web Plugins]
Bitcasa version 0.9.20.4135 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1]
BitTorrent  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent]
Bonjour  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB79256B-C0E0-40C6-8EB7-BDD796203581}]
Catalyst Control Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}]
Catalyst Control Center InstallProxy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6DC13EFF-D4FF-65B6-7538-8B3E6075853F}]
Catalyst Control Center InstallProxy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88B11576-F9D6-5E0D-0C0A-7A50571D7D76}]
Catalyst Control Center Localization All [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C68D4599-2D2A-2060-39D0-0B3DEA861657}]
ccc-utility64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{345841F8-F9F9-9910-134E-49162B7FDDAD}]
CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{450BED09-F405-87EE-CD52-5055B1EF8F72}]
CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B99E1A30-E349-FA3B-80F7-FB55EBC40996}]
CCC Help Czech [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C58E0C8-89FB-7E36-158C-5DC0B57027D9}]
CCC Help Danish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A71019D0-8C9D-DB8D-2801-CBFC736FF307}]
CCC Help Dutch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29043AAA-3A1A-D36B-C1CB-E201FA72C16A}]
CCC Help English [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C28E9DF6-C68D-18DF-076C-7E92B9F30A96}]
CCC Help Finnish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F940E929-2FFF-1F4E-7ECB-DE1B0377D627}]
CCC Help French [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{632396AA-8A78-A9A4-0945-7E24DF3F5B6C}]
CCC Help German [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BB69BDB-FE40-24D2-3822-828FB6DF6DE2}]
CCC Help Greek [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB8AF07B-42FB-4746-058A-B6A063472452}]
CCC Help Hungarian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{25087F13-EBE7-C817-CA31-08C196F73B23}]
CCC Help Italian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7BC48761-EE54-AA23-5607-0D11B7550CFB}]
CCC Help Japanese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{96DAF3C6-C2D4-5804-E219-86C034A02355}]
CCC Help Korean [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{446CF7B3-EE4D-1C10-E2B7-87C1C8517FE8}]
CCC Help Norwegian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C7F465C-765F-A038-60BE-03B7301B0161}]
CCC Help Polish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4D628C2E-D9F7-2D3A-E610-00F4D52F219F}]
CCC Help Portuguese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{42321261-5D40-644C-1235-927141D4FA20}]
CCC Help Russian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{64592305-22DF-6756-FD51-1B7234D4C6AB}]
CCC Help Spanish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8F1ABC89-3D34-1D8B-DF69-EC9198604283}]
CCC Help Swedish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1812E293-E2D1-3072-0ED4-C15163533D7E}]
CCC Help Thai [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87270A4A-EDE9-BFDF-AE0C-0FBDEEA5D4BD}]
CCC Help Turkish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{553B5DE6-496A-4328-DE0B-D1C83F7FE4D8}]
CodeBlocks  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CodeBlocks]
CS-Source.v80  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE560BB6-443D-4D9E-B747-4051A606AC93}_is1]
CyberLink PowerDVD 10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}]
CyberLink PowerDVD 10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}]
D3DX10  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
E-POP  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}]
Easy File Share [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}]
Elements 11 Organizer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}]
esia max-d MC400 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\esia max-d MC400_is1]
ESN Sonar [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ESN Sonar-0.70.4]
ETDWare X64 11.7.8.5_WHQL [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Elantech]
Evolve  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{670B1B49-9FD3-4827-9B41-471EFF580AA8}]
ExpressCache  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{196E43FB-929D-4838-B859-BF27557A6CA0}]
Fallout 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{974C4B12-4D02-4879-85E0-61C95CC63E9E}]
Fallout: New Vegas [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 22380]
Fast Flash Sleep Resume [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B747BF1B-D3B7-4AEF-9835-7FD08980A243}]
Garena Plus [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\im]
Google Chrome [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Grand Theft Auto IV [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 12210]
Grand Theft Auto: Episodes from Liberty City [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 12220]
GTA IV Vehicle Mod Installer v1.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GTA IV Vehicle Mod Installer v1.5_is1]
GTA San Andreas [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}]
Help Desk [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}]
Horizon v2.7.0.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1]
ImgBurn  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ImgBurn]
Intel AppUp(SM) center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Intel AppUp(SM) center 33070]
Intel® Management Engine Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}]
Intel® Processor Graphics [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}]
Intel® Rapid Start Technology [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\3D073343-CEEB-4ce7-85AC-A69A7631B5D6]
Intel® Rapid Storage Technology [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}]
Intel® SDK for OpenCL - CPU Only Runtime Package [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}]
Intel® Update Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}]
Intelr Trusted Connect Service Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}]
Internet Download Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager]
iTunes  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}]
Java 7 Update 55 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217055FF}]
K-Lite Codec Pack 9.7.5 (Full) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1]
Kaspersky Internet Security 2013 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{560985FB-4B76-4121-9189-7A2CDC7886D6}]
Kaspersky Internet Security 2013 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}]
LAME v3.99.3 (for Windows) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LAME_is1]
Left 4 Dead 2 Standalone PatchT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\L4D2SP]
LINE  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LINE]
LogMeIn Hamachi [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{32CB6BDF-F465-4BE8-9B57-1422057B61B9}]
LogMeIn Hamachi [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LogMeIn Hamachi]
Microsoft .NET Framework 4 Multi-Targeting Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}]
Microsoft Chart Controls for Microsoft .NET Framework 3.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{41785C66-90F2-40CE-8CB5-1C94BFC97280}]
Microsoft Games for Windows - LIVE Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}]
Microsoft Games for Windows Marketplace [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}]
Microsoft Help Viewer 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}]
Microsoft Help Viewer 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Help Viewer 1.0]
Microsoft Office Enterprise 2007 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
Microsoft SQL Server 2008 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft SQL Server 10 Release]
Microsoft SQL Server 2008 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft SQL Server 10]
Microsoft SQL Server 2008 Common Files [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5340A3B5-3853-4745-BED2-DD9FF5371331}]
Microsoft SQL Server 2008 Common Files [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}]
Microsoft SQL Server 2008 Database Engine Services [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FA7394B8-CE65-4F9E-AC99-F372AD365424}]
Microsoft SQL Server 2008 Database Engine Services [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FBD367D1-642F-47CF-B79B-9BE48FB34007}]
Microsoft SQL Server 2008 Database Engine Shared [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}]
Microsoft SQL Server 2008 Database Engine Shared [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF167CE3-60E7-44EA-99EC-2507C51F37AE}]
Microsoft SQL Server 2008 Native Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}]
Microsoft SQL Server 2008 R2 Management Objects [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4E968D9C-21A7-4915-B698-F7AEB913541D}]
Microsoft SQL Server 2008 RsFx Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}]
Microsoft SQL Server 2008 Setup Support Files  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B40EE88B-400A-4266-A17B-E3DE64E94431}]
Microsoft SQL Server 2008 Setup Support Files  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}]
Microsoft SQL Server 2012 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft SQL Server 11]
Microsoft SQL Server 2012 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft SQL Server SQLServer2012]
Microsoft SQL Server 2012 Native Client  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}]
Microsoft SQL Server 2012 RsFx Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DFB059F4-DBB2-497F-999E-AD86FA90E6DD}]
Microsoft SQL Server 2012 Setup (English) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FEC535DD-0EB2-4709-87BD-1708C6364EB6}]
Microsoft SQL Server 2012 Transact-SQL ScriptDom  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0E8670B8-3965-4930-ADA6-570348B67153}]
Microsoft SQL Server Compact 3.5 SP2 ENU [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A9FC03D-C685-4831-94CF-4EDFD3749497}]
Microsoft SQL Server Compact 3.5 SP2 x64 ENU [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}]
Microsoft SQL Server System CLR Types [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A2F3AE8-246A-4252-BB26-1BEB45627074}]
Microsoft Visio Premium 2010 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.VISIO]
Microsoft Visual Basic 2010 Express - ENU [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ED784556-66AA-3F17-9B58-7246ACB5C7E4}]
Microsoft Visual Basic 2010 Express - ENU [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Basic 2010 Express - ENU]
Microsoft Visual Basic for Applications 7.1 (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120064-0070-0000-0000-4000000FF1CE}]
Microsoft Visual Basic for Applications 7.1 (x64) English [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90F60409-7000-11D3-8CFE-0150048383C9}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}]
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{94D70749-4281-39AC-AD90-B56A0E0A402E}]
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15134cb0-b767-4960-a911-f2d16ae54797}]
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{22154f09-719a-4619-bb71-5b3356999fbf}]
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}]
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}]
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}]
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}]
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}]
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}]
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}]
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{542DDF04-9F91-4F36-B2F4-2638B788A4C8}]
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU]
Microsoft Visual Studio 2005 Tools for Applications - ENU [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D481EA96-2313-4A7C-98EE-710D1AF884AC}]
Microsoft Visual Studio 2005 Tools for Applications - ENU [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2005 Tools for Applications - ENU]
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{14DD7530-CCD2-3798-B37D-3839ED6A441C}]
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCA26999-EC22-3007-BB79-638913079C9A}]
Microsoft VSS Writer for SQL Server 2012 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}]
Microsoft WSE 3.0 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}]
Minecraft1.7.2  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Minecraft1.7.2]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BABDA39-61CF-41EE-992D-4054B6649A9B}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC5EAB7E-8898-44C6-85D9-5BC7DAFD80A3}]
Mozilla Firefox 25.0 (x86 en-US) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US)]
Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
MSVCRT  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
MSVCRT110  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}]
MSVCRT110_amd64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9FA781F-3E80-4399-825A-AD3E11C28C77}]
MSXML4 Parser [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}]
Norton Online Backup [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}]
Norton Online Backup ARA [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NARA]
NVIDIA PhysX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}]
OEM Application Profile [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}]
OpenVPN 2.3.2-I003  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenVPN]
Opera Stable 17.0.1241.45 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera 17.0.1241.45]
PAYDAY 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 218620]
PCSX2 - Playstation 2 Emulator [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\pcsx2-r5350]
Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E6AB06E-FE46-433B-85D5-BC27ABE06570}]
Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D888F114-7537-4D48-AF03-5DA9C82D7540}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30F99474-EBE3-4134-A02B-F6CD38CFE243}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F5261248-C4EB-43AD-B07C-9FF9B940896C}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC6C7107-7D72-41A1-A031-3CE751159BAB}]
PhotoScape  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PhotoScape]
Plants vs. Zombies [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Plants vs. Zombies]
PSE11 STI Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98CE8819-87AA-4814-8167-ADDDD513485F}]
PX Profile Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{08C39CFD-D68C-D2DE-22B1-7005D15DF6E9}]
Qualcomm Atheros Bluetooth Suite (64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A84A4FB1-D703-48DB-89E0-68B6499D2801}]
Qualcomm Atheros Client Installation Program [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28006915-2739-4EBE-B5E8-49B25D32EB33}]
QuickTime  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7BE15435-2D3E-4B58-867F-9C75BED0208C}]
Rainmeter  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter]
Realtek Ethernet Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}]
Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
Realtek USB Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{96AE7E41-E34E-47D0-AC07-1091A8127911}]
Recovery  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}]
Rise of Nations [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RiseOfNationsExpansion 1.0]
Rising Storm/Red Orchestra 2 Multiplayer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 35450]
S Agent [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{860203FC-987D-4429-8A08-8332B21AD90E}]
SanDiskSecureAccess_Manager.exe  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe]
Security Update for CAPICOM (KB931906) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}]
Settings  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}]
SMARTFREN  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SMARTFREN_is1]
SolidWorks 2013 x64 Edition SP02 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B6B5EA7E-B91F-443D-A958-B0062FB53804}]
SolidWorks 2013 x64 Edition SP02 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SolidWorks Installation Manager 20130-40200-1100-100]
SolidWorks eDrawings 2013 x64 Edition SP02 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C65CCFC5-D5CC-4CEF-B7E1-90222EB64CBB}]
SolidWorks Flow Simulation 2013 SP02 x64 Edition  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2A6228B3-BB5D-47D9-9BB6-20953A050698}]
SolidWorks Plastics 2013 SP02 x64 Edition [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BA812540-2D88-4A6A-A527-E7728D577D7D}]
SPORET  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}]
SQL Server 2012 Common Files [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{124D51A1-F3C2-45AE-B812-D3CA71247093}]
SQL Server 2012 Common Files [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}]
SQL Server 2012 Database Engine Services [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87D50333-E534-493A-8E98-0A49BC28F64B}]
SQL Server 2012 Database Engine Services [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C22613C2-C7A4-4761-A906-116ECD4E7477}]
SQL Server 2012 Database Engine Shared [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{54F84805-0116-467F-8713-899DFC472235}]
SQL Server 2012 Database Engine Shared [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0F44C37-A22B-4733-BBA7-86C9F4988725}]
SQL Server Browser for SQL Server 2012 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}]
Sql Server Customer Experience Improvement Program [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}]
Sql Server Customer Experience Improvement Program [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}]
SRS Premium Sound [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E44F8A34-529E-4318-A0E1-1893C337A47F}]
Steam  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam]
Support Center [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3EB3E946-FB88-45C2-A19B-410D254657D9}]
Support Center FAQ [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9478A3AA-4C2C-4104-97D7-32C7EEB32F59}]
SW Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F5B5BA56-8FEB-494B-84E6-C8DA9C2BEE50}]
TAP-Windows 9.9.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TAP-Windows]
The SimsT 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}]
UltraISO Premium V9.35 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UltraISO_is1]
Unity Web Player [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
Update for Japanese Microsoft IME Postal Code Dictionary [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{121C874E-5797-40B2-86CE-CE6624F2711A}]
Update for Japanese Microsoft IME Standard Dictionary [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DB71278-9AD7-4480-AB08-8649C5010B17}]
Update for Japanese Microsoft IME Standard Extended Dictionary [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}]
User Guide [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{491C3106-0333-4CC0-8085-7F82065FBFA4}]
Visual Analyser 2011 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BE2F9F39-9512-4DFD-A412-0355A2FE66D3}]
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{112C23F2-C036-4D40-BED4-0CB47BF5555C}]
VLC media player 2.0.8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player]
Winamp  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp]
Winamp Detector Plug-in [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Detect]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0454BB9A-2A7A-4214-BDFF-937F7A711A44}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BEA0C361-4CEF-4132-AA16-86E95AE9293E}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C034A6F9-6569-491B-B3BF-F5D15221A708}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE7C0B3D-50B9-4951-BE78-A321CBF86552}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CCBD1F4-CEEC-452A-9CB8-46564B501315}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18272881-CFC0-434D-A975-E5BE44206AA0}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A96A855B-89F7-40D4-A57E-580DFD4235B3}]
WinRAR archiver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]
YTD Video Downloader 4.8.7 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\GEDE ANANDA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\GEDE ANANDA\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [EvolveClient] "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: SolidWorks 2013 Fast Start.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AHA Dialer. OUC (AHA Dialer. RunOuc) - Unknown owner - C:\Program Files (x86)\AHA Dialer\UpdateDog\ouc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CDROM_Eject_C - Unknown owner - C:\Program Files\SMARTFREN\C+WEject.exe
O23 - Service: CDROM_Eject_W - Unknown owner - C:\Program Files\esia max-d MC400\C+WEject.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Evolve Service (EvoSvc) - Echobit LLC - C:\Program Files\Echobit\Evolve\EvoSvc.exe
O23 - Service: ExpressCache - Condusiv Technologies - C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB Card Reader\RIconMan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Innosvcd - INNORIX - C:\windows\SysWOW64\innosvcd.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\windows\SysWOW64\irstrtsv.exe
O23 - Service: Intel® Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Solver for Flow Simulation 2013 (RemoteSolverDispatcher) - Mentor Graphics Corporation - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Wed 11/26/2014 at  7:57:44.75 ======================
 
 
*EDIT* I forgot to mention, around the same time the proxy changed, every time I boot up the laptop there's always a cmd.exe open. It's empty and always closes in a second. I thought you might want to know, thanks.

Edited by meister99, 25 November 2014 - 08:20 PM.


#4 Machiavelli

  • Malware Response Instructor

Posted 26 November 2014 - 01:00 AM

First,

We need to remove programs using "Programs and Features"

Open Computer and click on the "Computer" tab, then click on Uninstall or Change a Program.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking the below entries and selecting "Remove":

RocketTab

Additional instructions can be found here if needed.

Next,

====Zoek.exe====

Start Zoek.exe again.

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    C:\WINDOWS\Sysnative\Tasks\RocketTab Update Task;fs
    C:\WINDOWS\Sysnative\Tasks\RocketTab;fs
    C:\Program Files (x86)\Search Extensions;fs
    "C:\WINDOWS\SysNative\tasks\RocketTab;f
    C:\WINDOWS\SysNative\tasks\RocketTab Update Task;f
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes];r
    "{7694A591-7B5D-4337-9DE0-2EF556344B78}"=-;r
    autoclean;
    emptyfolderscheck;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

Next,
Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Next,
Note: The log can also be found in here: C:\AdwCleaner\

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Start Zoek.exe again.

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    standardsearch;
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 meister99

  • Topic Starter

Posted 26 November 2014 - 09:04 AM

I will be editing this post after finishing each step, so please bear with me a little.

 

Zoek log after removing Rocket Tab

 

Zoek.exe v5.0.0.0 Updated 26-11-2014
Tool run by Gede A on Wed 11/26/2014 at 20:19:30.14.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\GEDE ANANDA\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-11-26-005744.log 97325 bytes
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Simpoe deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\DassaultSystemes deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-207111367-423552153-1767806344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FC93DEAC-7183-4F3E-AB0A-E73517EA197A} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Registry Fix Code ======================
 
Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] 
"{7694A591-7B5D-4337-9DE0-2EF556344B78}"=- 
 
==== Deleting Files \ Folders ======================
 
C:\WINDOWS\Sysnative\Tasks\RocketTab Update Task not found
C:\WINDOWS\Sysnative\Tasks\RocketTab not found
""C:\WINDOWS\SysNative\tasks\RocketTab" not found
"C:\WINDOWS\SysNative\tasks\RocketTab Update Task" not found
C:\Program Files (x86)\Search Extensions deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\GEDE ANANDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager deleted
C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted
C:\PROGRA~3\MakeMarkerFile.exe deleted
"C:\PROGRA~2\Internet Download Manager\IDMan.exe" deleted
"C:\PROGRA~2\Internet Download Manager\idmmkb.dll" deleted
"C:\PROGRA~2\Internet Download Manager\IDMNetMon64.dll" deleted
"C:\PROGRA~2\Internet Download Manager\IDMShellExt64.dll" deleted
"C:\PROGRA~2\Internet Download Manager\IEMonitor.exe" deleted
"C:\PROGRA~3\boost_interprocess\Nobu64AgentService" deleted
"C:\PROGRA~3\boost_interprocess\Nobu64TrayIcon" deleted
"C:\PROGRA~2\Internet Download Manager" not deleted
"C:\PROGRA~3\boost_interprocess" not deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com" [05/23/2014 07:33 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"mozilla_cc@internetdownloadmanager.com"="C:\Users\GEDE ANANDA\AppData\Roaming\IDM\idmmzcc5" [01/20/2014 11:59 AM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\GEDEAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\cp7yiw0f.default
- Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\GEDE ANANDA\AppData\Roaming\Mozilla\Firefox\Profiles\cp7yiw0f.default
4A04CF5A1C5149A39AFC4CB09DA6F7DF - C:\Users\GEDE ANANDA\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx[05/02/2013 05:13 PM]
jmolcgpienlcieaajfkkdamlngancncm - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx[05/02/2013 05:13 PM]
 
Missing e - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid
Google Voice Search Hotword (Beta) - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
IDM Integration - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm
IDM Integration - GEDE ANANDA\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmolcgpienlcieaajfkkdamlngancncm
 
==== Chromium Fix ======================
 
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vocaloidlyrics.wikia.com_0.localstorage deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vocaloidlyrics.wikia.com_0.localstorage-journal deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage-journal deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mightydeals.com_0.localstorage deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mightydeals.com_0.localstorage-journal deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm deleted successfully
C:\Users\GEDE ANANDA\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmolcgpienlcieaajfkkdamlngancncm deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jmolcgpienlcieaajfkkdamlngancncm deleted successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{FC93DEAC-7183-4F3E-AB0A-E73517EA197A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC93DEAC-7183-4F3E-AB0A-E73517EA197A}] not found
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{7694A591-7B5D-4337-9DE0-2EF556344B78} Unknown  Url="Not_Found"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-207111367-423552153-1767806344-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_USERS\S-1-5-21-207111367-423552153-1767806344-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_USERS\S-1-5-21-207111367-423552153-1767806344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7694A591-7B5D-4337-9DE0-2EF556344B78} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jmolcgpienlcieaajfkkdamlngancncm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager deleted successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GEDE ANANDA\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\GEDE ANANDA\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\GEDE ANANDA\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\GEDE ANANDA\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\GEDE ANANDA\AppData\Local\Mozilla\Firefox\Profiles\cp7yiw0f.default\Cache emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\GEDE ANANDA\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=254 folders=89 46641595 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\GEDE ANANDA\AppData\Local\Temp will be emptied at reboot
C:\Users\MSSQLSERVER\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\GEDEAN~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\PROGRA~2\Internet Download Manager"  not found
"C:\PROGRA~3\boost_interprocess"  not deleted
 
==== EOF on Wed 11/26/2014 at 21:01:29.99 ======================
 
*EDIT* AdwCleaner log
 
# AdwCleaner v4.102 - Report created 26/11/2014 at 22:09:41
# Updated 23/11/2014 by Xplode
# Database : 2014-11-26.1 [Live]
# Operating System : Windows 8.1 Single Language  (64 bits)
# Username : Gede A - HOLLOWTREE
# Running from : C:\Users\GEDE ANANDA\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v25.0 (en-US)
 
 
-\\ Google Chrome v
 
 
-\\ Opera v17.0.1241.45
 
 
*************************
 
AdwCleaner[R0].txt - [1295 octets] - [26/11/2014 22:02:12]
AdwCleaner[S0].txt - [1189 octets] - [26/11/2014 22:09:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1249 octets] ##########
 
*EDIT* Here's the JRT log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 8.1 Single Language x64
Ran by Gede A on Wed 11/26/2014 at 22:23:36.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\GEDE ANANDA\AppData\Roaming\mozilla\firefox\profiles\cp7yiw0f.default\minidumps [2 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/26/2014 at 22:26:03.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
*EDIT* And here's the zoek log after running JRT
 
Zoek.exe v5.0.0.0 Updated 26-11-2014
Tool run by Gede A on Wed 11/26/2014 at 22:33:26.10.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\GEDE ANANDA\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-11-26-005744.log 97325 bytes
C:\zoek-results2014-11-26-140130.log 12307 bytes
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\AHA Dialer\OnlineUpdate\ouc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\SMARTFREN\C+WEject.exe
C:\Program Files\esia max-d MC400\C+WEject.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\windows\SysWOW64\innosvcd.exe
C:\windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GEDE ANANDA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GEDE ANANDA\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3978 MB
CPU Info: Intel® Core™ i5-3337U CPU @ 1.80GHz
CPU Speed: 1797.1 MHz
Sound Card: Speakers (Realtek High Definiti | 
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Evolve Virtual Ethernet Adapter | Microsoft Wi-Fi Direct Virtual Adapter | Microsoft Hosted Network Virtual Adapter | TAP-Windows Adapter V9 | Realtek PCIe GBE Family Controller | Qualcomm Atheros AR9485WB-EG Wireless Network Adapter | LogMeIn Hamachi Virtual Ethernet Adapter
CD / DVD Drives: 1x (E: | ) E: EZBSYS  ISO CDVD DRIVE
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 2 Button Mouse Present
Hard Disks: C:  444.9GB
Hard Disks - Free: C:  90.6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE |  | SECCSD - 1072009
Time Zone: SE Asia Standard Time
Motherboard *: SAMSUNG ELECTRONICS CO., LTD. NP530U4E-S01ID
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Kaspersky Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Kaspersky Internet Security disabled
Default Browser: Google Chrome 39.0.2171.71
Internet Explorer Version: 11.0.9600.17126 
Mozilla Firefox version: 25.0 (x86 en-US)
Opera Browser version: 17.0.1241.45
Adobe Reader version: 10.1.3.23
Sun Java version: 1.7.0_55 (32-bit) 
Flash Player version: 15.0.0.239
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
====== C:\Users\GEDEAN~1\AppData\Local\Temp ====
2014-11-26 15:23:03 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\jrt\libiconv2.dll
2014-11-26 15:23:03 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\jrt\libintl3.dll
2014-11-26 15:23:03 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\jrt\pcre3.dll
2014-11-26 15:23:03 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\jrt\regex2.dll
2014-11-26 15:23:03 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-11-26 01:15:08 8177334A698491387FB1F7ADE05A8D22 4443312 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-11-12 16:03:47 BF41DD04598870EA08D306A002EEB9DD 45656 ----a-w- C:\WINDOWS\SysWOW64\perf-MSSQL11.MSSQLSERVER-sqlagtctr.dll
2014-11-12 16:03:23 15440354A273D479AA359F30C5922D35 1092390 ----a-w- C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-11-12 16:03:22 0AA6629F94E3FE8E81100D40D6F7D0E8 82520 ----a-w- C:\WINDOWS\SysWOW64\perf-MSSQLSERVER-sqlctr11.0.2100.60.dll
2014-11-12 16:03:12 3FE6F1234DBE0C5F3A17CA329C1A9641 69208 ----a-w- C:\WINDOWS\SysWOW64\fssres.dll
2014-11-12 16:03:12 1130EF1F3D0F6080ECCAA9DBD4CAB626 147032 ----a-w- C:\WINDOWS\SysWOW64\hadrres.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2014-11-03 11:12:12 186AD2DF9B3323DF4637A5EA65B6F49A 46136 ---ha-w- C:\WINDOWS\Sysnative\drivers\Hamdrv.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-11-23 01:48:27 -------- d-----w- C:\PROGRA~2\Microsoft Chart Controls
======= C: =====
====== C:\Users\GEDE ANANDA\AppData\Roaming ======
2014-11-26 13:44:44 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp
2014-11-26 13:44:44 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp
2014-11-26 13:44:43 -------- d-----w- C:\Users\MSSQLSERVER\AppData\Local\Temp
2014-11-26 13:44:43 -------- d-----w- C:\Users\GEDE ANANDA\AppData\Local\Temp
2014-11-26 13:44:43 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-11-26 13:44:43 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-11-26 03:41:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\Temptable.xml
2014-11-22 16:24:01 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft
2014-11-22 16:24:01 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Programs
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-11-22 16:18:50 -------- d-----w- C:\Users\GEDE ANANDA\AppData\Locallow\Apple Computer
2014-11-12 16:03:50 -------- d-s---w- C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft
2014-11-12 16:03:50 -------- d-----w- C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-12 16:03:50 -------- d-----w- C:\Users\MSSQLSERVER\AppData\Local\Microsoft Help
2014-11-12 16:03:50 -------- d-----w- C:\Users\MSSQLSERVER\AppData\Local\Microsoft
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-12 15:53:00 -------- d-----w- C:\Users\GEDE ANANDA\AppData\Local\Microsoft_Corporation
2014-11-06 13:31:51 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\GEDE ANANDA\AppData\Local\debuggee.mdmp
====== C:\Users\GEDE ANANDA ======
2014-11-26 15:20:18 8573E3C2603DD23E1A8DE3177D146D18 1707532 ----a-w- C:\Users\GEDE ANANDA\Desktop\JRT.exe
2014-11-26 14:11:59 5A6F21141B846BD3CE1ED0BD0F19C3AF 2148864 ----a-w- C:\Users\GEDE ANANDA\Desktop\AdwCleaner.exe
2014-11-26 13:48:34 -------- d-----w- C:\ProgramData\boost_interprocess
2014-11-22 16:25:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Videos
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Searches
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Saved Games
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Pictures
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\OneDrive
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Music
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Links
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Favorites
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Downloads
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Documents
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Desktop
2014-11-22 16:24:01 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Contacts
2014-11-12 16:03:52 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\MSSQLSERVER\ntuser.ini
2014-11-12 16:03:50 -------- d--h--w- C:\Users\MSSQLSERVER\AppData
2014-11-12 16:03:50 -------- d-----w- C:\Users\MSSQLSERVER\Saved Games
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Videos
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Pictures
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Music
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Links
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Favorites
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Downloads
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Documents
2014-11-12 16:03:50 -------- d-----r- C:\Users\MSSQLSERVER\Desktop
2014-11-12 15:28:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2014-11-04 13:03:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-11-04 13:03:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
 
====== C: exe-files ==
=== C: other files ==
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-207111367-423552153-1767806344-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\GEDE ANANDA\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GarenaPlus"="C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe -autolaunch"
"SanDiskSecureAccess_Manager.exe"="C:\Users\GEDE ANANDA\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe"
"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"
"EvolveClient"="C:\Program Files\Echobit\Evolve\EvolveClient.exe -autorun"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\GEDE ANANDA\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GarenaPlus"="C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe -autolaunch"
"SanDiskSecureAccess_Manager.exe"="C:\Users\GEDE ANANDA\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe"
"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"
"EvolveClient"="C:\Program Files\Echobit\Evolve\EvolveClient.exe -autorun"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect "
"RtHDVBg_SRSSA"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SRSSA"
"BtTray"="C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Bitcasa"="C:\Program Files\Bitcasa\Bitcasa.exe /startup"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
 
==== Startup Folders ======================
 
2013-07-03 13:49:12 1266 ----a-w- C:\Users\GEDE ANANDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2014-01-18 09:02:06 1730 ----a-w- C:\Users\GEDE ANANDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
2014-02-06 02:44:59 2753 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-207111367-423552153-1767806344-1001Core.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-207111367-423552153-1767806344-1001UA.job --a-------- [Undetermined Task]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\advRecovery" ["C:\Program Files\Samsung\Recovery\WCScheduler.exe"]
"C:\WINDOWS\SysNative\tasks\FFSRConfigurer" ["C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-207111367-423552153-1767806344-1001Core" [C:\Users\GEDE ANANDA\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-207111367-423552153-1767806344-1001UA" [C:\Users\GEDE ANANDA\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe"]
"C:\WINDOWS\SysNative\tasks\SAgent" ["%ProgramFiles%\Samsung\S Agent\CommonAgent.exe"]
"C:\WINDOWS\SysNative\tasks\Settings" ["C:\Program Files (x86)\Samsung\Settings\sSettings.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{517157BB-EA78-488D-A996-4C1BCF8DDD4F}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com" [05/23/2014 07:33 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"mozilla_cc@internetdownloadmanager.com"="C:\Users\GEDE ANANDA\AppData\Roaming\IDM\idmmzcc5" [01/20/2014 11:59 AM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\GEDEAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\cp7yiw0f.default
- Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\GEDE ANANDA\AppData\Roaming\Mozilla\Firefox\Profiles\cp7yiw0f.default
8303B3CEC05500F763B4FA75210598BB - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll - Shockwave Flash
D2377C9458EFEB094E38B8C874AA214C - C:\Users\GEDE ANANDA\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
4A04CF5A1C5149A39AFC4CB09DA6F7DF - C:\Users\GEDE ANANDA\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx[05/02/2013 05:13 PM]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx[05/02/2013 05:13 PM]
 
Google Docs - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Missing e - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid
Google Voice Search Hotword (Beta) - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Google Wallet - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - GEDE ANANDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\GEDE ANANDA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\GEDE ANANDA\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [EvolveClient] "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: SolidWorks 2013 Fast Start.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AHA Dialer. OUC (AHA Dialer. RunOuc) - Unknown owner - C:\Program Files (x86)\AHA Dialer\UpdateDog\ouc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CDROM_Eject_C - Unknown owner - C:\Program Files\SMARTFREN\C+WEject.exe
O23 - Service: CDROM_Eject_W - Unknown owner - C:\Program Files\esia max-d MC400\C+WEject.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Evolve Service (EvoSvc) - Echobit LLC - C:\Program Files\Echobit\Evolve\EvoSvc.exe
O23 - Service: ExpressCache - Condusiv Technologies - C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB Card Reader\RIconMan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Innosvcd - INNORIX - C:\windows\SysWOW64\innosvcd.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\windows\SysWOW64\irstrtsv.exe
O23 - Service: Intel® Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Solver for Flow Simulation 2013 (RemoteSolverDispatcher) - Mentor Graphics Corporation - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=254 folders=89 46641595 bytes)
 
==== EOF on Wed 11/26/2014 at 22:38:23.52 ======================

Edited by meister99, 26 November 2014 - 10:40 AM.


#6 meister99


Posted 26 November 2014 - 10:42 AM

All right, I've posted all the logs needed in the previous post



#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 26 November 2014 - 02:41 PM

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#8 meister99


Posted 27 November 2014 - 11:15 AM

Hi, I tried running ESET and it wanted to install the addon "OnlineScanner.cab" instead of ActiveX. Is this normal? I'm a little paranoid



#9 Machiavelli


Posted 27 November 2014 - 12:12 PM

It's ok.

~Machiavelli



#10 meister99


Posted 28 November 2014 - 07:47 PM

Hi, I've finished running ESET but my laptop crashed from lack of memory before I could export the log as a .txt file. I do remember it saying it found and removed 4 threats. Should I do another run? Sorry for replying twice without the log.



#11 Machiavelli


Posted 29 November 2014 - 07:10 AM

A log should be located here: C:\Program Files\EsetOnlineScanner\log.txt
or
here: C:\Program Files(x86)\EsetOnlineScanner\log.txt

~Machiavelli



#12 meister99


Posted 29 November 2014 - 11:27 AM

I found the log, and this is the only log I found, but I'm not sure it's what you want.

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


#13 Machiavelli


Posted 29 November 2014 - 01:33 PM

Where have you found it?

~Machiavelli



#14 meister99


Posted 29 November 2014 - 10:20 PM

In here: C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt



#15 Machiavelli


Posted 30 November 2014 - 05:43 AM

Does a log exist here: C:\Program Files\EsetOnlineScanner\log.txt ?

~Machiavelli
