Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Laptop is a mess. Little Brother was gaming [Solved]


  • This topic is locked This topic is locked

#1
Triskelion

Triskelion

    Member

  • Member
  • PipPipPip
  • 652 posts

My co-worker came to me with her laptop and said it was a mess.

Apparently her little brother is a gamer and like to dload just about anything.

 

She asked if I could take a look at it as it seems the laptop is just a mess now.\

 

OTL Log:

 

OTL logfile created on: 7/21/2014 10:36:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lauren\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
5.95 Gb Total Physical Memory | 3.64 Gb Available Physical Memory | 61.21% Memory free
11.90 Gb Paging File | 9.43 Gb Available in Paging File | 79.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 672.82 Gb Total Space | 61.62 Gb Free Space | 9.16% Space Free | Partition Type: NTFS
Drive D: | 25.62 Gb Total Space | 6.24 Gb Free Space | 24.35% Space Free | Partition Type: NTFS
Drive K: | 198.00 Mb Total Space | 159.82 Mb Free Space | 80.72% Space Free | Partition Type: NTFS
 
Computer Name: LAUREN-HP | User Name: Lauren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/21 10:34:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
PRC - [2014/07/15 03:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/07/09 20:48:08 | 001,216,520 | ---- | M] (TorchMedia Inc.) -- C:\Users\Lauren\AppData\Local\Torch\Update\TorchCrashHandler.exe
PRC - [2014/06/28 07:57:52 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/06/27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/06/17 16:18:02 | 005,179,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/06/17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/02/25 19:38:48 | 000,105,448 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/03 05:47:30 | 003,161,648 | ---- | M] (VS Revo Group) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
PRC - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/13 21:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/04/04 07:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/06 01:06:46 | 000,263,496 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/05/06 01:06:28 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/05/06 01:06:02 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/22 14:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 14:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/15 03:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 03:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 03:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 03:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 03:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014/05/20 04:11:16 | 008,892,072 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll
MOD - [2014/03/04 02:36:56 | 001,011,320 | ---- | M] () -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/19 03:56:34 | 002,356,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/04 02:37:04 | 002,541,688 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe -- (SBUpd)
SRV:64bit: - [2014/02/23 19:45:53 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2011/05/27 13:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/05/27 13:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/02 16:27:50 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/05/02 16:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/05/02 16:10:26 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/04/21 10:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/04/21 09:42:50 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/07/09 21:33:33 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/09 20:48:08 | 001,216,520 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Lauren\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2014/06/30 15:46:52 | 000,542,400 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/06/28 07:57:52 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/06/27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/06/17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/06/05 22:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/02/28 14:23:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2014/02/25 19:38:48 | 000,105,448 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2014/01/30 11:46:10 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/24 12:46:23 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/13 21:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/06 01:06:46 | 000,263,496 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/07 18:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/22 14:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 14:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/06/21 14:11:57 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2014/06/17 16:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/06/17 16:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/17 16:06:58 | 000,269,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/06/17 16:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/17 16:06:22 | 000,242,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/06/17 16:06:22 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/17 16:06:20 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/06/17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/05/14 15:08:16 | 000,125,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2014/04/25 12:45:43 | 000,129,856 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:64bit: - [2014/03/31 07:28:36 | 000,450,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014/03/26 19:00:14 | 000,141,600 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014/03/20 12:47:55 | 000,049,952 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/03/06 22:18:06 | 011,527,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2014/03/04 02:37:06 | 000,041,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys -- (SBUpdd)
DRV:64bit: - [2013/12/05 01:32:36 | 000,551,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/11/21 03:59:28 | 000,040,696 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService)
DRV:64bit: - [2013/08/22 23:11:00 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2013/06/26 20:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 20:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 20:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 20:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/14 22:17:46 | 000,021,600 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdkmafd.sys -- (amdkmafd)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/21 20:30:02 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/12 17:18:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/12 17:18:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/27 13:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 13:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/17 11:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/05/17 11:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/21 10:09:26 | 000,294,912 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/04/21 10:09:26 | 000,294,912 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/03/24 18:20:36 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/02/22 05:54:22 | 000,351,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 07:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 05:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 05:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{67BEB0E5-6B31-4D2E-A769-000C5FA712E0}: "URL" = http://www.amazon.ca...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.c...q={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKCU\..\SearchScopes\{19E2B84A-76AB-4A61-83E6-7CD18211855F}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{267BB848-E6E8-46A7-A0B6-8E0123B74611}: "URL" = http://search.condui...PV=SSPV_AB_IE_1
IE - HKCU\..\SearchScopes\{3C3DCC02-C1F9-44CC-8A57-3EB6F6FA3376}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{3F66891D-B10C-45FD-9D4A-226A6165CEFB}: "URL" = http://search.condui...4215271082&UM=2
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{803427AC-4E9B-4306-ABCD-EB550F28BAD9}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Speedbit"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..keyword.URL: "http://go.speedbit.c...x?s=Unknown&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\TorchVLC: C:\Users\Lauren\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Lauren\AppData\Local\Roblox\Versions\version-459b702c887942d4\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lauren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{193fe82a-c958-450c-8097-de926f5db967}: C:\Program Files (x86)\LyricSing\130.xpi
 
[2014/07/20 23:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions
[2014/04/06 19:48:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\extensions
[2014/03/21 18:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/09/25 18:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/08/15 13:55:54 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/12/30 09:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins
[2014/03/21 18:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions
[2014/07/21 00:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\no6ndkj8.default\extensions
[2012/07/31 05:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2014/07/21 00:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/07/21 00:10:10 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/07/20 23:41:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/20 23:41:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj\0.0.0.23_2\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.7_0\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.8_0\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp\0.9930_0\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_23\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnhjmhhejnacfimcjhjbcphfnndhfec\3_2\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooemofofigijedhcifaimglnncjmckaa\1.0.4_1\
CHR - Extension: No name found = C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/05/09 17:49:35 | 000,000,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_5A7CED7E60360B541D5D45B04E2E9E47] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://192.168.1.81/JpegInst.cab (pmjpegaudio Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B725F0B-F1CB-4FDD-B78A-022C5481E817}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B725F0B-F1CB-4FDD-B78A-022C5481E817}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{793896C3-8F38-4F2C-B90E-657290EA101E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-tt2012 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2013 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-tt2012 {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2013 {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/03/11 15:23:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/10/22 20:54:17 | 000,036,159 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/21 10:34:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[2014/07/21 10:02:32 | 000,656,048 | ---- | C] (WildTangent, Inc.) -- C:\ProgramData\uninstall152383.exe
[2014/07/21 09:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/07/21 09:55:04 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/07/20 23:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/07/18 21:50:34 | 000,000,000 | ---D | C] -- C:\Users\Lauren\Documents\TurboTax
[2014/07/18 21:33:35 | 000,000,000 | ---D | C] -- C:\Users\Lauren\Desktop\SAVED ITEMS!!!
[2014/07/08 00:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TorchCrashHandler
[2014/06/29 11:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
[2014/06/29 11:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.4
[2014/06/29 07:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2014/06/27 22:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2014/06/27 22:18:29 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Downloaded Installations
[2014/06/27 22:12:37 | 000,431,104 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2014/06/27 22:12:37 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2014/06/27 22:12:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2014/06/27 22:11:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2014/06/25 18:06:12 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\MigWiz
[2014/06/25 17:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderTransfer
[2014/06/22 20:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Validity
[2014/06/22 20:03:47 | 002,693,240 | ---- | C] (Validity Sensors, Inc.) -- C:\Windows\SysNative\vcsAPIFORWBF.dll
[2014/06/21 16:18:15 | 000,000,000 | ---D | C] -- C:\Users\Lauren\Documents\Any Audio Converter
[2014/06/21 16:17:55 | 000,000,000 | ---D | C] -- C:\Users\Lauren\Documents\Temp
[2014/06/21 14:18:08 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Oberon Games
[2014/06/21 14:17:55 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vesuvia
[2014/06/21 14:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vesuvia
[2014/06/21 14:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vesuvia
[2014/06/21 12:18:19 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Roaming\Jewel Match 4
[2014/06/21 12:10:49 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jewel Match IV
[2014/06/21 12:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewel Match IV
[2014/06/21 12:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jewel Match IV
[2013/01/20 19:57:50 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\Lauren\AppData\Local\winlogon.exe
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Users\Lauren\AppData\Local\*.tmp files -> C:\Users\Lauren\AppData\Local\*.tmp -> ]
[1 C:\Users\Lauren\Documents\*.tmp files -> C:\Users\Lauren\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/21 10:34:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[2014/07/21 10:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/21 10:11:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/21 10:05:48 | 000,032,064 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/21 10:05:48 | 000,032,064 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/21 10:01:00 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2014/07/21 09:55:05 | 000,001,226 | ---- | M] () -- C:\Users\Lauren\Desktop\Revo Uninstaller.lnk
[2014/07/21 09:13:40 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/21 09:13:40 | 000,669,734 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/21 09:13:40 | 000,128,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/21 08:59:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/21 00:10:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/21 00:10:05 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/20 23:41:55 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/07/20 23:16:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLauren.job
[2014/07/20 18:31:03 | 000,002,232 | -H-- | M] () -- C:\Users\Lauren\Documents\Default.rdp
[2014/07/12 13:46:55 | 000,000,132 | ---- | M] () -- C:\Users\Lauren\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/07/08 10:50:43 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/07/08 10:50:43 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/07/08 10:38:17 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/07/08 10:31:57 | 000,001,278 | ---- | M] () -- C:\Users\Lauren\Desktop\Far Cry 3 Language Selector-=AviaRa=-.lnk
[2014/06/29 07:28:02 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2014/06/28 07:57:52 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/06/27 22:12:37 | 000,431,104 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2014/06/27 22:12:37 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2014/06/27 07:51:29 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SBW_UpdateTask_Time_323835363539383132302d2337785a326c5b3234342d41.job
[2014/06/25 18:03:47 | 000,001,024 | ---- | M] () -- C:\.rnd
[2014/06/23 15:28:02 | 000,007,602 | ---- | M] () -- C:\Users\Lauren\AppData\Local\Resmon.ResmonCfg
[2014/06/22 20:03:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/06/21 19:39:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/06/21 14:17:58 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\Play Vesuvia.lnk
[2014/06/21 14:17:58 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/06/21 14:11:57 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Users\Lauren\AppData\Local\*.tmp files -> C:\Users\Lauren\AppData\Local\*.tmp -> ]
[1 C:\Users\Lauren\Documents\*.tmp files -> C:\Users\Lauren\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/21 09:55:05 | 000,001,226 | ---- | C] () -- C:\Users\Lauren\Desktop\Revo Uninstaller.lnk
[2014/07/20 23:41:55 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/07/20 23:41:55 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/07/20 16:24:12 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLauren.job
[2014/07/08 10:31:57 | 000,001,278 | ---- | C] () -- C:\Users\Lauren\Desktop\Far Cry 3 Language Selector-=AviaRa=-.lnk
[2014/06/29 07:28:01 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2014/06/22 20:03:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/06/21 14:17:58 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\Play Vesuvia.lnk
[2014/06/21 12:12:29 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/06/20 07:14:45 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2014/06/20 07:14:43 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/06/20 07:14:39 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2014/05/28 20:02:34 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2014/05/12 18:39:29 | 000,000,132 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\Adobe Targa Format CS6 Prefs
[2014/01/02 13:54:04 | 000,034,816 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\RZR_00701a7d456ba46436dfc2222969.db
[2013/12/28 20:46:16 | 000,000,000 | ---- | C] () -- C:\Users\Lauren\javaw
[2013/12/28 19:16:42 | 000,410,624 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\RZR_00703a4540558025c93591504cb0.db
[2013/12/18 19:53:01 | 000,000,128 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\WB.CFG
[2013/11/27 18:31:22 | 000,000,000 | ---- | C] () -- C:\Users\Lauren\AppData\Local\{9877CDC8-626C-4864-A821-F2E276113633}
[2013/11/27 18:29:11 | 000,000,000 | ---- | C] () -- C:\Users\Lauren\AppData\Local\{EDF0F630-27FF-4779-9B97-A965D17F3EFC}
[2013/11/20 18:09:20 | 000,000,000 | ---- | C] () -- C:\Users\Lauren\AppData\Local\{1ECD1FD9-4622-421E-8A7A-B05EBD077335}
[2013/10/21 12:57:19 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013/10/09 15:20:58 | 000,000,000 | ---- | C] () -- C:\Users\Lauren\AppData\Local\{F080E1EB-EE07-4988-AAE9-AB758E5BDC38}
[2013/10/09 15:18:44 | 000,000,000 | ---- | C] () -- C:\Users\Lauren\AppData\Local\{D4206352-7551-42F2-9705-193F53308133}
[2013/10/09 15:16:44 | 000,000,000 | ---- | C] () -- C:\Users\Lauren\AppData\Local\{2054BEA7-44AB-4AEF-9AAA-32386B9C234B}
[2013/10/08 16:07:21 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/23 18:53:44 | 000,017,901 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/06 13:08:32 | 000,014,238 | ---- | C] () -- C:\Users\Lauren\AppData\Local\WiDiSetupLog.20130906.130832.wdl
[2013/08/27 10:57:08 | 000,000,622 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\ZoombiesUniversalLauncher.xml
[2013/08/22 09:19:49 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2013/08/12 08:34:47 | 000,000,023 | ---- | C] () -- C:\Users\Lauren\jagexappletviewer.preferences
[2013/07/01 22:03:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2013/06/27 07:56:12 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/06/27 07:56:12 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013/06/08 19:25:00 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2013/05/26 12:01:55 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2013/05/24 07:54:05 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/05/24 07:54:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/05/20 19:26:39 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2013/05/19 09:35:20 | 000,000,000 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\Y4KJ1X0RYdfhsfed.bat
[2013/05/19 01:29:52 | 000,000,229 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\09M9DEdfhsfed.bat
[2013/05/15 17:22:00 | 000,007,602 | ---- | C] () -- C:\Users\Lauren\AppData\Local\Resmon.ResmonCfg
[2013/05/06 15:51:24 | 000,000,110 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\5R8ON2DG3OUdef.bat
[2013/03/20 16:26:20 | 000,003,335 | ---- | C] () -- C:\Users\Lauren\profiles.xml
[2013/03/08 15:43:48 | 000,000,045 | ---- | C] () -- C:\Users\Lauren\jagex_cl_runescape_LIVE.dat
[2013/03/08 15:43:48 | 000,000,024 | ---- | C] () -- C:\Users\Lauren\random.dat
[2013/03/05 17:14:14 | 000,000,258 | RHS- | C] () -- C:\Users\Lauren\ntuser.pol
[2013/02/21 20:28:05 | 000,000,132 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/01/26 22:23:27 | 000,021,504 | ---- | C] () -- C:\Users\Lauren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/20 14:11:32 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/12/24 22:48:51 | 000,703,117 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\technic-launcher.jar
[2012/12/24 22:48:51 | 000,703,007 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\technic-launcher.jar.bak
[2012/05/21 14:14:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2006/05/02 07:55:01 | 000,027,160 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\Laurenlog.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/21 11:36:24 | 000,000,000 | -HSD | M] -- C:\Users\Lauren\AppData\Roaming\.#
[2014/05/12 16:09:53 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\.minecraft
[2013/01/27 00:00:58 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\.mono
[2013/06/30 18:45:11 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\.Nitrous
[2013/08/27 12:08:17 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\.StarMade
[2014/05/12 18:12:19 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\.technic
[2013/05/23 20:36:05 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\.techniclauncher
[2013/04/24 19:54:29 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\3909 LLC
[2013/12/22 22:53:41 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\8BitMMO
[2012/07/17 11:24:47 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\8floor
[2013/09/18 02:56:45 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\A2 Entertainment
[2014/04/15 10:16:22 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Acoustica
[2013/04/22 19:34:41 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\AirlineBaggageMania Deluxe
[2013/09/18 01:32:50 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\aliasworlds
[2012/08/08 12:50:45 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Anino Games
[2013/07/26 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Anuman
[2014/06/21 16:17:55 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\AnvSoft
[2012/06/08 17:33:35 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Arkadium
[2014/05/23 21:09:54 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Arrowhead
[2013/06/09 07:37:38 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Atari
[2013/08/04 15:53:54 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Audacity
[2014/05/12 18:06:42 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\AVG
[2013/12/27 22:43:19 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\AVG2014
[2013/04/07 10:23:08 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Awem
[2014/02/15 16:07:22 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Awesomium
[2014/04/02 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Azureus
[2013/03/20 15:23:35 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\BeachPartyCraze
[2012/12/05 10:13:39 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\BlamGames
[2012/08/09 11:44:21 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\blg
[2013/08/19 22:34:56 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\BlooBuzz
[2013/10/14 18:18:27 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\bosonx
[2012/04/14 17:33:33 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\BSD
[2013/12/01 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\cerasus.media
[2014/03/23 07:50:52 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\com.valve.FTP
[2012/08/31 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Crown
[2012/08/02 16:41:19 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\dekovir
[2013/09/09 17:19:37 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\digipen
[2012/04/14 17:17:23 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\DiskAid
[2012/08/10 13:46:47 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\DivoGames
[2014/04/15 19:03:50 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\DMCache
[2013/04/07 10:03:11 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Elephant Games
[2014/03/02 15:44:58 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\ERS G-Studio
[2014/05/18 19:05:18 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Factorio
[2012/08/21 20:58:21 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Farm Girl at the Nile
[2012/08/11 07:06:59 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Farm Mania 2
[2012/07/18 12:32:40 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Farm Mania 2.1
[2012/07/17 10:15:44 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\FarmFables
[2013/09/06 12:44:12 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Fatshark
[2014/04/14 18:00:01 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\FDRLab
[2013/04/24 15:00:42 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\freshgames
[2013/02/01 14:10:57 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Full Control
[2013/09/16 10:01:28 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\game
[2012/08/24 13:23:59 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Gamelab
[2013/04/22 17:58:35 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\GamesCafe
[2012/08/23 12:26:20 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\GoldSunGames
[2013/08/19 21:21:21 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\HipSoft
[2013/07/16 10:07:12 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Hive Cluster
[2014/05/04 19:57:53 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\IObit
[2013/03/21 14:11:23 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Islands
[2013/03/21 15:21:38 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Islands2
[2013/03/21 11:59:19 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Islands3
[2013/03/22 16:00:11 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\island_tribe_4_realore_bfg_en
[2012/08/30 11:52:12 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Jane s Hotel 3
[2013/04/07 12:12:29 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Jewel Match 3
[2014/06/21 12:18:20 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Jewel Match 4
[2012/08/21 11:11:31 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Jumb-O-Fun Games
[2013/02/14 23:45:47 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Kalypso Media
[2012/10/20 09:37:25 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Kutawaves Games
[2012/12/24 02:15:14 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Leadertech
[2012/08/02 14:02:42 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\LegacyGames
[2013/10/18 14:39:20 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\LegacyInteractive
[2013/08/19 23:37:08 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Liam games
[2013/07/18 10:17:44 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\library_dir
[2013/05/23 20:35:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\logs
[2012/07/17 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Ludia
[2012/08/27 13:10:58 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2013/09/16 10:01:28 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Meridian93
[2014/02/14 11:04:07 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\minecraft
[2013/12/05 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Natural Selection 2
[2013/11/08 15:50:12 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Need for Speed World
[2013/08/25 01:45:32 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Nekobolt
[2013/08/25 02:32:15 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\NevoSoft Games
[2013/01/27 00:57:22 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Nico Mak Computing
[2013/03/20 13:21:00 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Nitreal Games
[2013/08/25 06:14:13 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Nordcurrent
[2013/07/04 14:26:43 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\northern_tale_bfg_en
[2013/12/28 10:50:36 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Notepad++
[2013/07/27 13:23:04 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Oracle
[2013/11/08 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Origin
[2013/12/30 14:17:51 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\OverDrive
[2014/03/01 20:00:31 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Palaplay
[2012/06/14 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Ph03nixNewMedia
[2013/06/04 00:43:01 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\PlayFirst
[2012/07/18 11:19:46 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\playmink
[2012/07/31 14:52:15 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Playrix Entertainment
[2013/02/16 13:54:38 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Publish Providers
[2013/09/29 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\raidcall
[2013/07/12 00:29:48 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Rainbow
[2013/10/04 12:35:31 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Raptr
[2013/09/01 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Red Alert 3 Uprising
[2012/12/07 16:22:18 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Rumbic Studio
[2013/03/20 14:22:01 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Sandlot Games
[2014/03/11 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Secure Bit Technologies Pvt. Ltd
[2013/01/13 23:58:36 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\SoftGrid Client
[2013/02/16 16:54:30 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Sony
[2014/05/09 15:34:40 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\SpaceEngineers
[2013/06/06 18:01:27 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\SpinTires
[2013/01/28 12:12:32 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\SplitMediaLabs
[2013/07/19 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Spore
[2013/04/22 15:42:55 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\SulusGames
[2014/04/15 10:16:33 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\SynthMaker
[2014/03/20 15:39:22 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\SystemRequirementsLab
[2013/01/26 23:29:38 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\TFP
[2012/01/30 19:40:25 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\TP
[2014/06/11 22:12:07 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Tropico 5
[2014/06/26 15:01:00 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\TS3Client
[2013/12/27 22:42:36 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\TuneUp Software
[2013/09/01 23:42:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Tunngle
[2013/04/19 21:21:12 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Unity
[2014/05/02 18:47:29 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Unkn0wns Texture Installation Tool
[2013/07/04 18:59:46 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\viking_saga_bfg_en
[2012/08/31 11:25:51 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\ViquaSoft
[2013/06/21 20:02:18 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Wargaming.net
[2013/08/20 01:16:13 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\WendigoStudios
[2012/12/07 18:22:07 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Wildfire
[2014/07/21 10:05:53 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\WildTangent
[2013/01/21 18:35:24 | 000,000,000 | RHSD | M] -- C:\Users\Lauren\AppData\Roaming\WinDir
[2012/07/26 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Windows Live Writer
[2013/01/27 00:57:47 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\WinZip
[2013/06/03 17:13:38 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\World-LooM
[2013/03/14 15:12:48 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\YoudaGames
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/05/13 17:22:13 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\?9?;lotserviceruntime.log) -- C:\Windows\SysWow64\ꠠ9♨;lotserviceruntime.log
[2013/05/13 17:22:13 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\?9?;lotserviceruntime.log) -- C:\Windows\SysWow64\ꠠ9♨;lotserviceruntime.log
[2013/03/13 21:16:24 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\?V?Ylotserviceruntime.log) -- C:\Windows\SysWow64\울V䧸Ylotserviceruntime.log
[2013/03/13 21:16:24 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\?V?Ylotserviceruntime.log) -- C:\Windows\SysWow64\울V䧸Ylotserviceruntime.log
[2013/03/03 03:42:13 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\?7?8lotserviceruntime.log) -- C:\Windows\SysWow64\│7鼘8lotserviceruntime.log
[2013/03/03 03:42:13 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\?7?8lotserviceruntime.log) -- C:\Windows\SysWow64\│7鼘8lotserviceruntime.log
[2013/02/24 22:40:10 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\?H?Ilotserviceruntime.log) -- C:\Windows\SysWow64\울H䃸Ilotserviceruntime.log
[2013/02/24 22:40:10 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\?H?Ilotserviceruntime.log) -- C:\Windows\SysWow64\울H䃸Ilotserviceruntime.log
[2013/02/18 22:35:42 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\[email protected]?Hlotserviceruntime.log) -- C:\Windows\SysWow64\㠸@⾰Hlotserviceruntime.log
[2013/02/18 22:35:42 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\[email protected]?Hlotserviceruntime.log) -- C:\Windows\SysWow64\㠸@⾰Hlotserviceruntime.log
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:EFECABA9
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:CB959782
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:B761039D
@Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:4B6A9FDA
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:D987CB43
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:C69BA1D0
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:6301CE40
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:395F6776
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:82756AB7
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:36608448
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CC7382F6
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:B2D32F1D
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:933D54A9
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:D254266B
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CC386FD2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:A97FF73C
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:84FA02E7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:1ADC4BD5
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:9E0656EC
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:908A1B53
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:639BB5E9
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5C4A588B
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1A4BF204
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1095ECE1
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:0E5CFA74
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:EB333CFC
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:DCB27118
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:68FC22BD
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:56C66609
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:E153075C
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AE289451
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:5C0940F1
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:C0A2E219
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:640DDEFF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:33384BC0
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E9900C74
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C82210DD
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:701B92FB
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4B70A9FA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4149A170
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:7D288858
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2EB79F01
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0E61938B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F67947AF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:F67AAFC5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:7BB584AA
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:08DB8D99
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:97B3B270
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:16F2A6FF
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:A1023D41
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:896FF808
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:57173DB4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:05F547A9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:E0848D16
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5DB4FD98
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:B3D50E25
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A69FAA24
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A2B3764A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:1B3549F2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:8B3C3098
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:7ECD9621
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4B244549
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:30E0D641
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EDE28CFC
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EC0279DC
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:8C81B36D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:8967C154
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:6E3C585B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:3B07E6F4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:35629AE6
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BCDC6E07
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B12D1A7D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:60E0AB2A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4A966CC2
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:014BC3B4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:96646EC1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:76466F4C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3C0887BF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:063969F8
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DA18D4E3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C86B29EB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:BAC2F271
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:A7BB14DF
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:9547F1DB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:8AC20936
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4C3504B5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:302ECBD6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:12A012A1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:10D45FC3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0C65EA0E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:EB5BDBB0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9D5BB34A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:884C7316
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:73B78E79
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:38E2864F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:36A39835
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:EA7D76BE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B3942462
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B285A50E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:436BE28C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A5264343
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:38D2EA83
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:04ADB7A6
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:EE7AAC75
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:D9987109
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:6D5A15BF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:69FE2EE4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5F1019FF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:471AD3D0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:2216A431
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F2327E82
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D8134D8F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:B722BCE5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8B69E3C3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7E4E56EA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:6CEC50B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E0AE69BE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:29C0641D
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:0DFE2AE1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A17CCD03
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:56F368C9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14FA5E46
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:12EA4DC9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:073139EC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D0AB0B4A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:BA24E689
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:54531C7D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:ED9B661E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DF30C7A6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:A3840F5B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5AE33054
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:59846E5E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57619D72
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F96D8E6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F5FC5DCE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5A8F8A0C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:52B3B2D1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:2CED8825
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:EA701346
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DCA79AB3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A9ABA3FF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A41FEAA2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:902C848D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:517B507A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:B093E177
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:517DBC32
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F422F8F1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:8DD36B71
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:708BB0FA
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:1B9E79B3
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:8AA99C0C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:52E1DB1D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:330E66BD
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A0C7D68A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:957E9765
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:CE6885F1
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:37994DBE
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A3E39C6A
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:966CEAE7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:43E95997
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:18897B1D
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:CC7738DB
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:7920E530
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:A2907225
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:49EB0FDC
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:DDEB08FD
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:4EF94CF3
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:27C3CD07
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:059167AF
 
< End of report >
 
Extras:
 

OTL Extras logfile created on: 7/21/2014 10:36:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lauren\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
5.95 Gb Total Physical Memory | 3.64 Gb Available Physical Memory | 61.21% Memory free
11.90 Gb Paging File | 9.43 Gb Available in Paging File | 79.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 672.82 Gb Total Space | 61.62 Gb Free Space | 9.16% Space Free | Partition Type: NTFS
Drive D: | 25.62 Gb Total Space | 6.24 Gb Free Space | 24.35% Space Free | Partition Type: NTFS
Drive K: | 198.00 Mb Total Space | 159.82 Mb Free Space | 80.72% Space Free | Partition Type: NTFS
 
Computer Name: LAUREN-HP | User Name: Lauren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0078505B-76DA-443E-ADB8-8A1F9B0FB63F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0A5D0756-42E6-488A-B4AF-EC147D34AA77}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{10FA1521-D391-4DC2-A294-66AB97840B6C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{15A3973F-4322-4558-ACAB-2572BC55AE23}" = rport=139 | protocol=6 | dir=out | app=system | 
"{15DD760F-54EE-4C78-9DF2-0B0BD858DB55}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2253C1EC-282F-474F-BF1B-B05BD4F752CB}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{2A967050-E865-4721-9DFB-06A5D1FA8515}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port | 
"{39EF714B-0355-4128-801F-C3A9629625C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4254F2CC-C584-4F6B-A8D9-D48C0FD8531B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4EEEBB5D-5C68-4747-B8E5-88E4E558B202}" = rport=445 | protocol=6 | dir=out | app=system | 
"{541F1A66-8310-4D23-A4B4-759CD314E6AF}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{558BBB65-9AEF-4D81-A380-425E993E2B54}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{588D23F8-456C-4CFF-80B5-237F53CCAB50}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5C5CB081-9EAE-49CF-8E98-2D58C036C775}" = lport=80 | protocol=6 | dir=in | app=system | 
"{6F83EF43-09A7-4FD3-9C16-39FB57E23591}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{70A84EB7-E002-4842-B34E-A52C21CED1F3}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{75AE2DBD-0E1B-458B-9FDE-ED0716CDC4E2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{76004F63-101F-4322-AB9B-7FB18CAB3DB3}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{7634DE2B-7188-43FB-9191-BAC5D7C5CB80}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{76634FA8-04EE-4566-AB80-9232EA8BB579}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port | 
"{810196E7-840F-49CE-8FA9-952EC32AFF48}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{8D64F906-53F4-4068-A56C-F49076FBB907}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8DE19604-8072-4C6E-A41D-1722F61E6B59}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8E7B1018-3334-4AAA-9337-4C30F223E646}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{9AEA9DB1-A46B-4849-B65E-91F9053DA571}" = lport=3389 | protocol=17 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{A8109C28-E66E-45EC-B2E7-668DF3BE5296}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B5C44223-DB8E-45DA-A5C0-5B18C8DACA67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BD4BDBE1-254D-43DF-857C-67E1E9A754D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2724E91-DD83-45D8-BDE1-E5A780F78EC6}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\remotecrashsender.exe | 
"{CAA8DD4F-D4FE-4B72-A4F8-C640001901DE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{CFD12FB0-D05D-4397-816D-7B923B32CB6D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D3416ABD-B312-4682-A389-FF42B051D88A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DA33A581-1B43-4352-B3AD-9E3D96E27887}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{DB151CB2-912F-4308-AFBA-40DDA14F7BBD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{DBF1F152-590E-420C-B4C0-A0CD1AE45D0E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E16D25BD-09A8-4E11-A216-A5EB5C60AD8B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{E9385639-358E-4D61-92AB-ECF1D7067A47}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F149D71A-F1B6-4897-A5A4-97A6B3209F26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F6B7C2C5-E1E5-4732-85E4-BD154433C0CE}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{F927C8A8-6176-42B3-97A3-4A2172B29232}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AFB2F9-BFBB-43DD-B2C6-90CDF7FC0722}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\launcher.exe | 
"{0289A77B-2DE1-4F40-996E-184307A3F9C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter.exe | 
"{030E028E-6646-48E5-B4CB-74713FB2F400}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{071B8DE5-5122-4AA1-A0FE-95E6EF5C6AFD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{087A100D-6E93-476E-8DE9-34CE0D7D4D63}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0CED217A-42BE-4144-A266-12802C8AB2FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F6B70A7-16F4-43DF-A5FA-D7EE63CAD75E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"{123F8F00-CC58-4A50-BFE1-65B9AB462CC8}" = protocol=47 | dir=in | app=system | 
"{1316C6FC-97DE-4CD3-9AD1-8F25EDB077C7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{135BDF7C-60B1-48A9-B4E5-5837AD19AB5C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{140648A5-5F01-48B7-BB3B-2653BE4EA6A8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{15913826-DB5F-4F83-A5C8-227FA83B0E6F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{17FAAEAA-0FB4-41D6-A7F1-9975FEEC8154}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe | 
"{1CBDA7BD-AA79-4C34-BFEF-CD175321B00E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{1F735ECC-A993-4E46-AD7F-85DF9319A59B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{205652BC-A923-45C7-B4BB-68C3DD1D6ADC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{212F9557-40DC-492B-8B5E-FCB8D4344EC3}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe | 
"{24DCCB41-BA77-4E1E-9A9B-84AF3D7390D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{254CFEAA-4CC6-4355-B449-C773022C45FE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{2888E4AE-D5F7-4571-9DFE-77071561640D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell blacklist\src\system\blacklist_game.exe | 
"{2B441A01-7204-40C3-A5B8-8CB6B9889BE2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{2CD9F1FE-B036-4912-B86C-75A313641A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\towns\towns.exe | 
"{3031161C-D368-4939-9E17-83B1A447B026}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{3383568C-C84F-4020-A0B1-71AEA86098AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell blacklist\src\system\blacklist_game.exe | 
"{36646644-A1D6-48D7-A170-7D65E4462E95}" = protocol=58 | dir=in | [email protected],-28545 | 
"{39535946-CAAE-4977-8AC4-046007C85A09}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3A96F803-316E-48CE-9948-8303993304D5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{3BB4A0BE-A98C-4E66-9539-18B8DD9D48FD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{3E90AABD-5580-4AA1-AA0B-1BAEC75FCAB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3launcher.exe | 
"{45074DF8-5907-47C4-84E0-F8DB106AFD0C}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{475DF1F4-0F6B-4E21-9A3B-C913BA486487}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{47B3D00B-5B47-470F-B8DE-3FB884AD9918}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{4A3A2542-53E9-4486-88A1-9B84929F707E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{4AD3BBC1-F983-4A57-9C0C-B25B1A0A3B90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4C5FC382-6A58-4A8B-90F3-DD48A0EDCE39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\towns\towns.exe | 
"{4FA556F4-3728-4DB2-81E6-423AC810E562}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{51BC2951-DFE8-4F83-85A7-4C590D1CEFCE}" = protocol=1 | dir=out | [email protected],-28544 | 
"{58DBAC72-14D0-482C-BF10-98BC35E9B914}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5CC534A6-C004-46D1-B844-26B031C24A46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E6A2C10-BED9-4783-B744-CDE85E72CF03}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{5F3E1E35-5F29-421B-BFCD-BFD6ABC50A14}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{5FAAD571-FA7D-427C-8EE1-55E7899B3B71}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{6115F3FF-C431-4AD7-80E2-09D6B2EE47A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{624594A6-4D1C-4C7B-8115-0B9F5A297882}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"{666DEDB9-5487-4268-8308-E5BFD01A4565}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{66F89506-BF77-42E6-98C6-1111A50389C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67DDA450-3322-42F6-B524-78BD908A3EEE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{69117B7E-7182-41B2-943A-C8B5A26B178F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\soldierfront2\dfubg.exe | 
"{6A677724-8B91-45CB-A656-9F97D2F164D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell blacklist\blacklist_launcher.exe | 
"{6B33ED1A-7FEE-408E-ACEB-20B57EEC254E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{707B7935-90A5-49B4-B28B-39DACA3EF7CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | 
"{719D6F2C-C1F7-4317-8920-65D8D643BD89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{71FE96EF-03D2-480E-A549-DEEA13E8E190}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{74E179D2-9C8C-49E2-AB9F-257517AB3C0A}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe | 
"{75F3B713-E99A-42D6-B8C5-CAA735EB5A16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell blacklist\src\system\gu.exe | 
"{789B025A-060C-4387-92D1-1CFFBA1E4B1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{79DD6A11-BF8D-40F8-8950-A7C263D26409}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{7E046558-C4DE-4C9C-8DE2-7D2C59EF057D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe | 
"{7E7502DB-ACA9-4A94-8805-08CB0EE8DA0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F77F82A-3489-4514-B5A8-AADD636F8DD0}" = protocol=1 | dir=in | [email protected],-28543 | 
"{801C0C12-997E-4D1E-822A-CB0B71B9A5A0}" = protocol=58 | dir=out | [email protected],-28546 | 
"{80C5C35B-A4A2-4171-ADF5-8424B1933A21}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{82BB1E84-3C48-4910-A569-EDF545DA3E02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell blacklist\src\system\gu.exe | 
"{82E58D95-2D42-453B-A770-DA9A3A69BBAA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{859B88C2-569E-4397-B8FE-8DFF41F0DD7A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe | 
"{8881DC8B-5FF4-4279-9ECF-54CC2DCB503D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{88842546-AAD0-425B-ADE5-690A7F8843B0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{8A9F0796-BE9A-461A-906D-F2C4ABEF31F4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{8CAD546E-90EC-46A1-88DB-07E5C2B83991}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\soldierfront2\dfubg.exe | 
"{8F90D1D8-307C-4642-B70A-3BF87C021612}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{943C89E4-47CD-4931-A2E0-D990A051BBD8}" = protocol=47 | dir=out | app=system | 
"{949A8959-A9DB-469C-9548-2418B7F589DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{9794AA17-DF55-4D4F-9A95-A782A241B211}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{99676BE2-FE07-4B3B-8E2C-C213EDF94EB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3launcher.exe | 
"{998304FC-B63E-4967-861D-90A085E7619D}" = dir=in | app=c:\users\lauren\appdata\local\torch\plugins\hola\hola_plugin_x64.exe | 
"{9DA5A4C2-393F-4F23-B676-D1C8DA028901}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9E50CF93-DF2C-4898-B698-7E5F50E4A8C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{A6ECD26A-7F57-4AA0-977F-E8D1C3FAC0E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loadout\loadout.exe | 
"{A90232D9-77C4-406B-926C-158818BCEBF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\launcher.exe | 
"{AA95747C-0DAE-4605-910B-2176DAA4AA8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{AD4DB4D4-9125-419C-B71D-CF74C25A4C65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | 
"{ADDE8A27-1F56-4930-A8B6-C0C1F0DEA1E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B55A6870-DFCB-4C5E-B67A-14E7E501315D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B56343FD-B6E9-4412-8796-4B188DCE7352}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B6F7768A-797D-46DB-B365-857163FC5C5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell blacklist\blacklist_launcher.exe | 
"{B96B1769-7BAB-48FD-A22C-ED0D8C3DC3B4}" = protocol=6 | dir=out | app=system | 
"{C2A8BBB6-D18B-4A6A-ACD6-4A5D1D3F402B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe | 
"{CD53C324-0318-405E-8127-056E09B70F81}" = dir=in | app=c:\users\lauren\appdata\local\torch\plugins\hola\hola_plugin.exe | 
"{CF6AC0DA-AD50-4332-BE1F-549FFC5FA14C}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{D1A04A57-B831-4DCF-8D0A-BF098452CE01}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{D278B48A-60A1-4F1F-B0A2-3B569F9CA229}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DE15BF67-71D0-456D-A652-10226E0664EC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{E4ADB047-5615-41E4-B440-6ADCC50D0B24}" = dir=in | app=c:\users\lauren\appdata\local\torch\application\torch.exe | 
"{E4F62F8D-98CC-4AEA-9CB5-ED40348F6C28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{EA5F5840-EF13-4A4E-85DE-9F4D53E3D3BC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{EC988615-C1AA-4C2C-8C71-FF139FC3AD73}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{F02A4BD8-D046-4760-9705-BFD3A526BE19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\soldierfront2\binaries\win32\sf2.exe | 
"{F0A2F9AB-A07D-4F85-A29E-C9502CBB9C34}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{F1576160-8DAF-4530-9F04-C1E79EA04620}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{F2412E55-2712-4569-9CEC-AB418825577D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter.exe | 
"{F2D33EA4-4D59-40F4-B050-2ACD73B32276}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\soldierfront2\binaries\win32\sf2.exe | 
"{F9505232-F41D-4CFC-BA2A-E5CDE608526D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA446CD2-23F8-4BFA-A7C1-4BB0DFEAB90B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FA667145-D5FA-4B27-9B5C-75F619041865}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{FC7E6C96-030A-451F-B344-94B23CCC4CA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FEFC9D91-1AC6-4F5D-814E-0120105F31AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loadout\loadout.exe | 
"TCP Query User{13E892D5-4EE6-43BF-8EAF-825A8C729BCC}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\aces.exe | 
"TCP Query User{18C97740-1BAF-49D6-A1B5-3E4926CE7DB8}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe | 
"TCP Query User{4E7A9D2B-1284-4C85-BD0C-2DD7A69201A6}C:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe | 
"TCP Query User{4F42971D-1446-480C-AAAF-D3B39A9E9982}C:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe | 
"TCP Query User{52D7CB38-F644-4386-9D5C-DB17DFECC21F}C:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe | 
"TCP Query User{65556D7A-DD50-40B2-8814-6DAFDA7A4120}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\launcher.exe | 
"TCP Query User{6EA0EC68-FE82-4971-A5B1-D27D11C18F74}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe | 
"TCP Query User{75A06307-658A-4BE9-AADC-E22BF97EF1AB}C:\users\lauren\downloads\skin_templates_for_wings_of_prey.exe" = protocol=6 | dir=in | app=c:\users\lauren\downloads\skin_templates_for_wings_of_prey.exe | 
"TCP Query User{7C5A0DD6-C3E0-454D-9CAC-27733899B90F}C:\users\lauren\downloads\skin_templates_3_for_wings_of_prey.exe" = protocol=6 | dir=in | app=c:\users\lauren\downloads\skin_templates_3_for_wings_of_prey.exe | 
"TCP Query User{8ADD2A63-BEA8-4809-B1CC-3E5A9F275F41}C:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe | 
"TCP Query User{90AF441D-0088-4442-AF6E-FC48C1B003A9}C:\program files (x86)\wing commander saga prologue\wcsaga.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wing commander saga prologue\wcsaga.exe | 
"TCP Query User{9AD215BB-FAC0-4AB3-AA86-47F66E1B1B42}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"TCP Query User{B1E63026-26AF-49E2-B595-5D089F3256FF}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe | 
"TCP Query User{BA669B91-2BAA-454A-8EAC-2F4F4B9C2488}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{D3492D20-60A8-4398-8A1A-FABD1E38C181}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D447A3AE-B545-49F5-BDD2-A0DB0F777537}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe | 
"TCP Query User{F4592727-E3E7-4B26-97ED-B080B098DFAC}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe | 
"TCP Query User{F58DF7F3-700B-4A04-A511-6C6BBB744E88}C:\program files (x86)\steam\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe | 
"UDP Query User{026162AB-E045-40BF-B76E-2DDDDA302916}C:\users\lauren\downloads\skin_templates_for_wings_of_prey.exe" = protocol=17 | dir=in | app=c:\users\lauren\downloads\skin_templates_for_wings_of_prey.exe | 
"UDP Query User{3FFFE91D-60C4-455B-B059-4CE74F174BC9}C:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe | 
"UDP Query User{4A7A9D4B-32C7-408A-9ABC-4E04B9A348EE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{4D300B15-1863-43D9-AB57-6B1A3C22C278}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"UDP Query User{53FB83AB-EE06-4410-BE44-0214B6DDCA8D}C:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe | 
"UDP Query User{59972501-B2C0-4F3F-BC05-144CBBB88881}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe | 
"UDP Query User{77C4202A-D826-4D42-944B-B68C6B4D6597}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\aces.exe | 
"UDP Query User{7C849C4B-4F1C-4BC5-B7AB-A003BE8336D0}C:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe | 
"UDP Query User{7E425AE0-7E49-45CF-96BB-A0A850913F96}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe | 
"UDP Query User{813342F3-AF2B-4353-8662-D85FEA0D1681}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe | 
"UDP Query User{9C66A131-3065-4D76-B386-15C639FB73A2}C:\program files (x86)\wing commander saga prologue\wcsaga.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wing commander saga prologue\wcsaga.exe | 
"UDP Query User{BD2D4C1B-8B68-4E9F-B97C-00196FA1DB7B}C:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe | 
"UDP Query User{CED3E054-58F4-4A67-A0EB-B91F04F2FBDC}C:\program files (x86)\steam\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe | 
"UDP Query User{D9276E5D-0DBE-4552-8E66-F952B63D99B3}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\launcher.exe | 
"UDP Query User{DE133A3C-7CFF-44E3-9C09-FE2F131DD887}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe | 
"UDP Query User{E618BF70-EF81-42FA-8420-CF1DC2E210F8}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe | 
"UDP Query User{F3F6EB27-021A-4C33-A3EE-A033116704B5}C:\users\lauren\downloads\skin_templates_3_for_wings_of_prey.exe" = protocol=17 | dir=in | app=c:\users\lauren\downloads\skin_templates_3_for_wings_of_prey.exe | 
"UDP Query User{F881046E-AE01-4CDC-97C6-FC247AF140DC}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{26A24AE4-039D-4CA4-87B4-2F86417000F0}" = Java™ 7 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417055FF}" = Java 7 Update 55 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5A68A656-979F-4168-8795-E2E368AA4DC2}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5BBEF15-44B1-43FA-A4B7-3AFE501B5949}" = AVG 2014
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D1C0C574-6385-4ED1-BBD9-2B62FCECE0EF}" = AVG 2014
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F26D0153-CD17-4662-8592-DD98498DE6E4}" = HP Photosmart 5510d series Basic Device Software
"{F5551626-0E88-4399-A32D-2F6115CCDD92}" = HP Photosmart 5510d series Product Improvement Study
"AVG" = AVG 2014
"Banished v1.0.1 (64-bit)1.0.1" = Banished v1.0.1 (64-bit)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ProInst" = Intel PROSet Wireless
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel® WiDi
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1E0FF98D-4AE4-46CC-B624-E771ABD5EA11}" = TurboTax 2013
"{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}" = System Requirements Lab for Intel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
"{26A24AE4-039D-4CA4-87B4-2F83217000F0}" = Java™ 7
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}" = HP SimplePass 2011
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}" = Microsoft Games for Windows Marketplace
"{6C302296-6129-4125-9FD6-2188ECD8814E}" = HP Software Framework
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{726DDC29-79B3-41B4-BDBF-97DF25BF1EA8}" = TurboTax 2012
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{75939021-3B68-419D-8DC1-E9823BFF9658}" = Google Drive
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84BD11C9-3AC8-4845-AFB3-39A551618820}" = HP Documentation
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{B7EB794A-5A36-4CB0-90D9-BD0E786972D4}" = LogMeIn Hamachi
"{B8D84F70-0296-11E2-8DF5-F04DA23A5C58}" = MSVCRT Redists
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}" = Firefall
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Help
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Audio Converter_is1" = Any Audio Converter 4.0.6
"Any Video Converter_is1" = Any Video Converter 5.5.8
"Battlelog Web Plugins" = Battlelog Web Plugins
"BFG-Atlantis Adventure" = Atlantis Adventure
"BFGC" = Big Fish: Game Manager
"BFG-Farm Up" = Farm Up
"BFG-Jewel Match IV" = Jewel Match IV
"BFG-Vesuvia" = Vesuvia
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.4_is1" = Cheat Engine 6.4
"Euro Truck Simulator 2 v1.10.1s (DLC Metallics and East)1.10.1s" = Euro Truck Simulator 2 v1.10.1s (DLC Metallics and East)
"Far Cry 3 Update v1.04-=AviaRa=- 1.04" = Far Cry 3 Update v1.04-=AviaRa=- 1.04
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Razer Game Booster_is1" = Razer Game Booster
"Revo Uninstaller" = Revo Uninstaller 1.95
"SpeedFan" = SpeedFan (remove only)
"Steam App 105600" = Terraria
"Steam App 107410" = Arma 3 Beta
"Steam App 109600" = Neverwinter
"Steam App 208090" = Loadout
"Steam App 209080" = Guns of Icarus Online
"Steam App 212070" = Star Conflict
"Steam App 221020" = Towns
"Steam App 230410" = Warframe
"Steam App 235600" = Tom Clancy's Splinter Cell Blacklist
"Steam App 236390" = War Thunder
"Steam App 239660" = Soldier Front 2
"Steam App 243870" = Tom Clancy's Ghost Recon Online
"Steam App 271290" = HAWKEN
"Steam App 39000" = Moonbase Alpha
"Steam App 550" = Left 4 Dead 2
"Steam App 730" = Counter-Strike: Global Offensive
"Uplay" = Uplay
"WENPTUVuZW15V2l0aGlu_is1" = XCOM: Enemy Within
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Lauren
"d8be6c3f847d7d92" = Ghost Recon Online (EU)
"Torch" = Torch
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/19/2014 12:55:48 AM | Computer Name = Lauren-HP | Source = Application Error | ID = 1000
Description = Faulting application name: STacSV64.exe, version: 1.0.6341.0, time
 stamp: 0x4ddf1a4c  Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp:
 0x52a02f91  Exception code: 0xc0000005  Fault offset: 0x000000000005285f  Faulting process
 id: 0x4ec  Faulting application start time: 0x01cfa30dabccb96f  Faulting application
 path: C:\Program Files\IDT\WDM\STacSV64.exe  Faulting module path: C:\Windows\system32\stapi64.dll
Report
 Id: f29acb9c-0f00-11e4-9f7d-101f74fadaf2
 
Error - 7/20/2014 12:29:44 AM | Computer Name = Lauren-HP | Source = Application Error | ID = 1000
Description = Faulting application name: STacSV64.exe, version: 1.0.6341.0, time
 stamp: 0x4ddf1a4c  Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp:
 0x52a02f91  Exception code: 0xc0000005  Fault offset: 0x00000000000303f2  Faulting process
 id: 0x4c8  Faulting application start time: 0x01cfa3d33260100d  Faulting application
 path: C:\Program Files\IDT\WDM\STacSV64.exe  Faulting module path: C:\Windows\system32\stapi64.dll
Report
 Id: 791fd9f9-0fc6-11e4-944a-101f74fadaf2
 
Error - 7/20/2014 12:39:43 AM | Computer Name = Lauren-HP | Source = Application Error | ID = 1000
Description = Faulting application name: STacSV64.exe, version: 1.0.6341.0, time
 stamp: 0x4ddf1a4c  Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp:
 0x52a02f91  Exception code: 0xc0000005  Fault offset: 0x000000000005285f  Faulting process
 id: 0x4d0  Faulting application start time: 0x01cfa3d4972d6e72  Faulting application
 path: C:\Program Files\IDT\WDM\STacSV64.exe  Faulting module path: C:\Windows\system32\stapi64.dll
Report
 Id: dddef01c-0fc7-11e4-809e-101f74fadaf2
 
Error - 7/20/2014 4:59:03 PM | Computer Name = Lauren-HP | Source = Application Error | ID = 1000
Description = Faulting application name: STacSV64.exe, version: 1.0.6341.0, time
 stamp: 0x4ddf1a4c  Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp:
 0x52a02f91  Exception code: 0xc0000005  Fault offset: 0x000000000005285f  Faulting process
 id: 0x510  Faulting application start time: 0x01cfa45d67081dcc  Faulting application
 path: C:\Program Files\IDT\WDM\STacSV64.exe  Faulting module path: C:\Windows\system32\stapi64.dll
Report
 Id: adc0c397-1050-11e4-9860-101f74fadaf2
 
Error - 7/20/2014 6:11:41 PM | Computer Name = Lauren-HP | Source = Application Error | ID = 1000
Description = Faulting application name: STacSV64.exe, version: 1.0.6341.0, time
 stamp: 0x4ddf1a4c  Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp:
 0x52a02f91  Exception code: 0xc0000005  Fault offset: 0x000000000005285f  Faulting process
 id: 0x50c  Faulting application start time: 0x01cfa4678c5a3ea1  Faulting application
 path: C:\Program Files\IDT\WDM\STacSV64.exe  Faulting module path: C:\Windows\system32\stapi64.dll
Report
 Id: d3238e0e-105a-11e4-8b03-101f74fadaf2
 
Error - 7/20/2014 9:00:01 PM | Computer Name = Lauren-HP | Source = Windows Backup | ID = 4103
Description = The backup did not complete because of an error writing to the backup
 location E:\. The error is: The backup location cannot be found or is not valid.
 Review your backup settings and check the backup location. (0x81000006).
 
Error - 7/21/2014 1:16:10 AM | Computer Name = Lauren-HP | Source = Application Error | ID = 1000
Description = Faulting application name: STacSV64.exe, version: 1.0.6341.0, time
 stamp: 0x4ddf1a4c  Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp:
 0x52a02f91  Exception code: 0xc0000005  Fault offset: 0x00000000000303f2  Faulting process
 id: 0x4c4  Faulting application start time: 0x01cfa4a2d90e02f9  Faulting application
 path: C:\Program Files\IDT\WDM\STacSV64.exe  Faulting module path: C:\Windows\system32\stapi64.dll
Report
 Id: 1fbf84a3-1096-11e4-9cdf-101f74fadaf2
 
Error - 7/21/2014 1:31:29 AM | Computer Name = Lauren-HP | Source = Application Error | ID = 1000
Description = Faulting application name: STacSV64.exe, version: 1.0.6341.0, time
 stamp: 0x4ddf1a4c  Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp:
 0x52a02f91  Exception code: 0xc0000005  Fault offset: 0x000000000005285f  Faulting process
 id: 0x514  Faulting application start time: 0x01cfa4a4fd2902ad  Faulting application
 path: C:\Program Files\IDT\WDM\STacSV64.exe  Faulting module path: C:\Windows\system32\stapi64.dll
Report
 Id: 43df4717-1098-11e4-9eb6-101f74fadaf2
 
Error - 7/21/2014 1:41:01 AM | Computer Name = Lauren-HP | Source = Application Error | ID = 1000
Description = Faulting application name: torch.exe, version: 33.0.0.7326, time stamp:
 0x53bdfe4c  Faulting module name: torch.exe, version: 33.0.0.7326, time stamp: 0x53bdfe4c
Exception
 code: 0x40000015  Fault offset: 0x0004843e  Faulting process id: 0x16e4  Faulting application
 start time: 0x01cfa4a6513c9c25  Faulting application path: C:\Users\Lauren\AppData\Local\Torch\Application\torch.exe
Faulting
 module path: C:\Users\Lauren\AppData\Local\Torch\Application\torch.exe  Report Id:
 989eb512-1099-11e4-9eb6-101f74fadaf2
 
Error - 7/21/2014 2:10:25 AM | Computer Name = Lauren-HP | Source = Application Error | ID = 1000
Description = Faulting application name: STacSV64.exe, version: 1.0.6341.0, time
 stamp: 0x4ddf1a4c  Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp:
 0x52a02f91  Exception code: 0xc0000005  Fault offset: 0x00000000000303f2  Faulting process
 id: 0x490  Faulting application start time: 0x01cfa4aa6d5bb856  Faulting application
 path: C:\Program Files\IDT\WDM\STacSV64.exe  Faulting module path: C:\Windows\system32\stapi64.dll
Report
 Id: b40ad8a0-109d-11e4-8df8-101f74fadaf2
 
[ Hewlett-Packard Events ]
Error - 9/16/2012 10:33:11 PM | Computer Name = Lauren-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 10/9/2012 2:53:26 PM | Computer Name = Lauren-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/966a20f0_1d89_4e2a_980e_85938c85b700/1cbzuewgpcals2asbx8ism+e_5.rem' has
 been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6091  Ram Utilization: 20  TargetSite: Void UpdateDetail(System.String)  
 
Error - 10/15/2012 9:23:13 AM | Computer Name = Lauren-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]  Message: The server did not provide a meaningful
 reply; this might be caused by a contract mismatch, a premature session shutdown
 or an internal server error.  StackTrace:  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
 reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
 msgData, Int32 type)     at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()
 
   at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: mscorlib
 
Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 6091  Ram Utilization: 20  TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
 System.Runtime.Remoting.Messaging.IMessage)  
 
Error - 10/15/2012 9:23:31 AM | Computer Name = Lauren-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 10/21/2012 5:39:16 PM | Computer Name = Lauren-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 10/28/2012 4:24:54 PM | Computer Name = Lauren-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 11/4/2012 8:59:22 PM | Computer Name = Lauren-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 11/11/2012 9:33:08 PM | Computer Name = Lauren-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 11/18/2012 7:17:35 PM | Computer Name = Lauren-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6091  Ram Utilization: 20  TargetSite: Void UpdateAndDetect()  
 
Error - 11/25/2012 11:51:25 PM | Computer Name = Lauren-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
[ HP Software Framework Events ]
Error - 1/27/2014 1:16:30 PM | Computer Name = Lauren-HP | Source = hpqWmiEx | ID = 5
Description = 2014/01/27 10:16:30.575|00001424|Error      |ChpqWmiExModule::Start|The
 hpqwmiex service failed to start (1063).  A system restart may correct this problem.
 
[ Media Center Events ]
Error - 10/22/2013 8:50:41 PM | Computer Name = Lauren-HP | Source = MCUpdate | ID = 0
Description = 6:50:32 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80080005)
 
 
Error - 10/22/2013 9:51:47 PM | Computer Name = Lauren-HP | Source = MCUpdate | ID = 0
Description = 7:51:40 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80080005)
 
 
Error - 11/17/2013 12:10:08 PM | Computer Name = Lauren-HP | Source = MCUpdate | ID = 0
Description = 9:09:38 AM - Error connecting to the internet.  9:09:38 AM -     Unable
 to contact server..  
 
Error - 3/31/2014 3:32:11 PM | Computer Name = Lauren-HP | Source = MCUpdate | ID = 0
Description = 1:32:11 PM - Error connecting to the internet.  1:32:11 PM -     Unable
 to contact server..  
 
Error - 3/31/2014 3:33:02 PM | Computer Name = Lauren-HP | Source = MCUpdate | ID = 0
Description = 1:32:40 PM - Error connecting to the internet.  1:32:40 PM -     Unable
 to contact server..  
 
Error - 5/12/2014 8:35:51 PM | Computer Name = Lauren-HP | Source = MCUpdate | ID = 0
Description = 6:35:41 PM - Error connecting to the internet.  6:35:41 PM -     Unable
 to contact server..  
 
Error - 5/12/2014 9:45:14 PM | Computer Name = Lauren-HP | Source = MCUpdate | ID = 0
Description = 7:45:00 PM - Error connecting to the internet.  7:45:00 PM -     Unable
 to contact server..  
 
Error - 5/12/2014 10:57:13 PM | Computer Name = Lauren-HP | Source = MCUpdate | ID = 0
Description = 8:57:09 PM - Error connecting to the internet.  8:57:09 PM -     Unable
 to contact server..  
 
Error - 6/21/2014 9:38:19 PM | Computer Name = Lauren-HP | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description = 
 
Error - 6/21/2014 9:39:20 PM | Computer Name = Lauren-HP | Source = Microsoft-Windows-Media Center Extender | ID = 539
Description = 
 
[ System Events ]
Error - 7/21/2014 11:04:34 AM | Computer Name = Lauren-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 7/21/2014 11:04:35 AM | Computer Name = Lauren-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 7/21/2014 11:04:35 AM | Computer Name = Lauren-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 7/21/2014 11:04:44 AM | Computer Name = Lauren-HP | Source = PNRPSvc | ID = 102
Description = 
 
Error - 7/21/2014 11:04:44 AM | Computer Name = Lauren-HP | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 7/21/2014 11:04:44 AM | Computer Name = Lauren-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 7/21/2014 11:05:35 AM | Computer Name = Lauren-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 7/21/2014 11:05:40 AM | Computer Name = Lauren-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 7/21/2014 11:05:41 AM | Computer Name = Lauren-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 7/21/2014 11:05:41 AM | Computer Name = Lauren-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
< End of report >
 

 


  • 0

Advertisements


#2
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello Triskelion,
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.   :)
 
======================================================
Important: I have laid out some "ground rules" I would very much appreciate you follow. Please read through the points below, to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Ensure you are subscribed to this topic to receive instant email notifications of my responses.
    • Scroll to the top of this page and ensure you see the following: 6hgDYJ6.png
    • If you are not set to follow this topic, click the Follow this topic button and follow the prompts.
  • Please attempt to backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.

======================================================
 
Please be advised that I am currently in training at WhattheTech.com. My responses will need to be approved by a instructor at WhattheTech.com before I post in order to ensure you are receiving accurate instructions. I will return as soon as possible.


  • 0

#3
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 652 posts

Sounds good... See you soon.


  • 0

#4
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello Triskelion, 
 
Please run the following programmes, and post the logs generated. 
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x64) and save the file to your desktop.
  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
aA7bkRO.jpg aswMBR

  • Please download aswMBR and save the file to your desktop
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click aswMBR.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • If you are prompted to enable the use of "Virtualization Technology", click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan
  • Upon completion, you will see Scan finished successfully. Click Save log
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

Note: Do NOT attempt to click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your desktop. Do NOT click or delete it.
 

======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • aswMBR log

  • 0

#5
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 652 posts

Hey Adam. Thanks again for the help. My co-worker appreciates it.

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Lauren (administrator) on LAUREN-HP on 22-07-2014 11:39:08
Running from C:\Users\Lauren\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TorchMedia Inc.) C:\Users\Lauren\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch 
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup 
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" 
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup 
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup 
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1437321509-492886448-564446639-1000\...\Run: [GoogleChromeAutoLaunch_5A7CED7E60360B541D5D45B04E2E9E47] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-1437321509-492886448-564446639-1000\...\Policies\system: [EnableLUA] 0
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * bootdeletesdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
SearchScopes: HKLM - {67BEB0E5-6B31-4D2E-A769-000C5FA712E0} URL = http://www.amazon.ca...s={searchTerms}
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {19E2B84A-76AB-4A61-83E6-7CD18211855F} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {267BB848-E6E8-46A7-A0B6-8E0123B74611} URL = http://search.condui...PV=SSPV_AB_IE_1
SearchScopes: HKCU - {3C3DCC02-C1F9-44CC-8A57-3EB6F6FA3376} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKCU - {3F66891D-B10C-45FD-9D4A-226A6165CEFB} URL = http://search.condui...4215271082&UM=2
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
SearchScopes: HKCU - {803427AC-4E9B-4306-ABCD-EB550F28BAD9} URL = http://ca.search.yah...p={SearchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File
DPF: HKLM-x32 {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://192.168.1.81/JpegInst.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2B725F0B-F1CB-4FDD-B78A-022C5481E817}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\no6ndkj8.default
FF DefaultSearchEngine: Speedbit
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: user_pref("browser.startup.homepage", "");
FF Keyword.URL: hxxp://go.speedbit.com/search.aspx?s=Unknown&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: TorchVLC - C:\Users\Lauren\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Lauren\AppData\Local\Roblox\Versions\version-459b702c887942d4\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lauren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-07-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-05-21]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [{193fe82a-c958-450c-8097-de926f5db967}] - C:\Program Files (x86)\LyricSing\130.xpi
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://google.ca/"
CHR StartupUrls: "hxxp://google.ca/"
CHR DefaultSearchKeyword: 
CHR DefaultSearchProvider: 
CHR DefaultSearchURL: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (EA Battlefield Heroes Updater) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\npBFHUpdater.dll (EA Digital Illusions CE AB)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Lauren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Lauren\AppData\Local\Roblox\Versions\version-459b702c887942d4\\NPRobloxProxy.dll ( ROBLOX Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Users\Lauren\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (From Dust) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-02-05]
CHR Extension: (Google Drive) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Battlefield Heroes) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-04-19]
CHR Extension: (Kingdom Rush) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim [2014-03-21]
CHR Extension: (Google Search) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (AdBlock) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-26]
CHR Extension: (Skyrama) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap [2014-03-21]
CHR Extension: (Ashish Mishra) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2014-04-26]
CHR Extension: (Google Wallet) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (VEGA Conflict) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnhjmhhejnacfimcjhjbcphfnndhfec [2014-02-05]
CHR Extension: (Minecraft Origins) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooemofofigijedhcifaimglnncjmckaa [2014-01-22]
CHR Extension: (Gmail) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR HKCU\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\Lauren\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2014-01-07]
CHR HKCU\...\Chrome\Extension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:\Users\Lauren\AppData\Local\CRE\cpoooaodibfldhiobnmnjliddplmekeb.crx [2013-09-08]
CHR HKCU\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\Lauren\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx [2013-09-08]
CHR HKCU\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\Lauren\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2013-09-08]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Lauren\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\Lauren\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:\Users\Lauren\AppData\Local\CRE\cpoooaodibfldhiobnmnjliddplmekeb.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\Lauren\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\Lauren\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Lauren\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2011-04-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\130.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2013-10-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-08-24] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-28] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2541688 2014-03-04] (Speedbit Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TorchCrashHandler; C:\Users\Lauren\AppData\Local\Torch\Update\TorchCrashHandler.exe [1216520 2014-07-09] (TorchMedia Inc.)
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
 
==================== Drivers (Whitelisted) ====================
 
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-20] (AVG Technologies)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-08-22] (Qualcomm Atheros Co., Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [125952 2014-05-14] (Intel Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-11-21] (Windows ® Win 7 DDK provider)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129856 2014-04-25] (Razer, Inc.)
R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41368 2014-03-04] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-06-21] ()
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 CV2K1; system32\DRIVERS\cv2k1.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-22 11:39 - 2014-07-22 11:39 - 00032247 _____ () C:\Users\Lauren\Desktop\FRST.txt
2014-07-22 11:38 - 2014-07-22 11:39 - 00000000 ____D () C:\FRST
2014-07-22 11:36 - 2014-07-22 11:35 - 02090496 _____ (Farbar) C:\Users\Lauren\Desktop\FRST64.exe
2014-07-22 11:35 - 2014-07-22 11:35 - 02090496 _____ (Farbar) C:\Users\Lauren\Downloads\FRST64.exe
2014-07-21 10:34 - 2014-07-21 10:34 - 00602112 _____ (OldTimer Tools) C:\Users\Lauren\Downloads\OTL.exe
2014-07-21 10:34 - 2014-07-21 10:34 - 00602112 _____ (OldTimer Tools) C:\Users\Lauren\Desktop\OTL.exe
2014-07-21 09:55 - 2014-07-21 09:55 - 00001226 _____ () C:\Users\Lauren\Desktop\Revo Uninstaller.lnk
2014-07-21 09:55 - 2014-07-21 09:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-21 09:54 - 2014-07-21 09:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lauren\Downloads\revosetup.exe
2014-07-20 23:42 - 2014-07-20 23:43 - 00567080 _____ () C:\Users\Lauren\Downloads\setup(1).exe
2014-07-20 23:42 - 2014-07-20 23:42 - 00567080 _____ () C:\Users\Lauren\Downloads\setup.exe
2014-07-20 23:41 - 2014-07-20 23:41 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-20 23:41 - 2014-07-20 23:41 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-20 23:41 - 2014-07-20 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-20 23:40 - 2014-07-20 23:40 - 00284224 _____ (Mozilla) C:\Users\Lauren\Downloads\Firefox Setup Stub 30.0.exe
2014-07-20 16:24 - 2014-07-20 23:16 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForLauren.job
2014-07-20 16:24 - 2014-07-20 16:24 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLauren
2014-07-18 21:50 - 2014-07-18 21:50 - 00000000 ____D () C:\Users\Lauren\Documents\TurboTax
2014-07-18 21:33 - 2014-07-18 22:58 - 00000000 ____D () C:\Users\Lauren\Desktop\SAVED ITEMS!!!
2014-07-12 21:20 - 2014-07-12 21:20 - 00254976 _____ () C:\Users\Lauren\Downloads\jonnewsletter.wiz
2014-07-12 20:18 - 2014-07-12 20:18 - 00025600 _____ () C:\Users\Lauren\Downloads\scriptforretirementinterview.wiz
2014-07-08 22:52 - 2014-07-08 22:52 - 00339968 _____ () C:\Users\Lauren\Downloads\image (12).jpeg
2014-07-08 22:52 - 2014-07-08 22:52 - 00331776 _____ () C:\Users\Lauren\Downloads\image (14).jpeg
2014-07-08 22:52 - 2014-07-08 22:52 - 00286720 _____ () C:\Users\Lauren\Downloads\image (13).jpeg
2014-07-08 22:27 - 2014-07-08 22:27 - 00307200 _____ () C:\Users\Lauren\Downloads\image (11).jpeg
2014-07-08 22:26 - 2014-07-08 22:26 - 00352256 _____ () C:\Users\Lauren\Downloads\image (7).jpeg
2014-07-08 22:26 - 2014-07-08 22:26 - 00339968 _____ () C:\Users\Lauren\Downloads\image (10).jpeg
2014-07-08 22:26 - 2014-07-08 22:26 - 00319488 _____ () C:\Users\Lauren\Downloads\image (9).jpeg
2014-07-08 22:26 - 2014-07-08 22:26 - 00282624 _____ () C:\Users\Lauren\Downloads\image (8).jpeg
2014-07-08 22:25 - 2014-07-08 22:25 - 00319488 _____ () C:\Users\Lauren\Downloads\image (5).jpeg
2014-07-08 22:25 - 2014-07-08 22:25 - 00294912 _____ () C:\Users\Lauren\Downloads\image (6).jpeg
2014-07-08 22:25 - 2014-07-08 22:25 - 00249856 _____ () C:\Users\Lauren\Downloads\image (4).jpeg
2014-07-08 22:24 - 2014-07-08 22:24 - 00352256 _____ () C:\Users\Lauren\Downloads\image (3).jpeg
2014-07-08 22:24 - 2014-07-08 22:24 - 00339968 _____ () C:\Users\Lauren\Downloads\image (1).jpeg
2014-07-08 22:24 - 2014-07-08 22:24 - 00278528 _____ () C:\Users\Lauren\Downloads\image (2).jpeg
2014-07-08 22:22 - 2014-07-08 22:22 - 00237568 _____ () C:\Users\Lauren\Downloads\image.jpeg
2014-07-08 22:19 - 2014-07-22 09:15 - 00006754 _____ () C:\Windows\PFRO.log
2014-07-08 10:31 - 2014-07-08 10:31 - 00001278 _____ () C:\Users\Lauren\Desktop\Far Cry 3 Language Selector-=AviaRa=-.lnk
2014-07-08 00:40 - 2014-07-08 00:40 - 01853264 _____ (BitTorrent Inc.) C:\Users\Lauren\Downloads\uTorrent.exe
2014-07-08 00:39 - 2014-07-22 09:16 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2014-07-08 00:39 - 2014-07-08 00:39 - 00012984 _____ () C:\Users\Lauren\Downloads\Far.Cry.3.Update.v1.04-RELOADED.7962332.TPB.torrent
2014-07-08 00:37 - 2014-07-08 00:37 - 01661136 _____ (Torch Media, Inc) C:\Users\Lauren\Downloads\TorchSetupk-r20-n-bc.exe
2014-07-08 00:28 - 2014-07-08 00:28 - 01391485 _____ () C:\Users\Lauren\Downloads\ultralow_settings_mod1.1.zip
2014-07-06 13:53 - 2014-07-06 13:53 - 00000022 _____ () C:\Users\Lauren\Downloads\orbit_api.ini
2014-07-03 18:17 - 2014-07-20 16:18 - 00002271 _____ () C:\Windows\comsetup.log
2014-06-29 11:21 - 2014-06-29 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-06-29 11:21 - 2014-06-29 11:22 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-06-29 11:21 - 2014-06-29 11:21 - 09052192 _____ (Cheat Engine ) C:\Users\Lauren\Downloads\CheatEngine64.exe
2014-06-29 07:28 - 2014-06-29 07:30 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-06-29 07:28 - 2014-06-29 07:28 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-06-29 07:25 - 2014-06-29 07:25 - 02143832 _____ () C:\Users\Lauren\Downloads\instsf449.exe
2014-06-27 22:18 - 2014-06-27 22:18 - 00000000 ____D () C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2014-06-27 22:18 - 2014-06-27 22:18 - 00000000 ____D () C:\Users\Lauren\AppData\Local\Downloaded Installations
2014-06-27 22:18 - 2014-06-27 22:18 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-06-27 22:17 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-06-27 22:17 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-06-27 22:17 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-06-27 22:17 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-06-27 22:17 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-06-27 22:17 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-06-27 22:16 - 2014-06-28 07:56 - 00037022 _____ () C:\Windows\DirectX.log
2014-06-27 22:12 - 2014-06-27 22:12 - 00431104 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-06-27 22:12 - 2014-06-27 22:12 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-06-27 22:12 - 2014-06-27 22:12 - 00116736 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-06-27 22:12 - 2014-06-27 22:12 - 00086016 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-06-27 22:12 - 2014-06-27 22:12 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-06-27 22:11 - 2014-06-27 22:11 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-27 21:42 - 2014-06-27 21:42 - 00613200 _____ () C:\Users\Lauren\Downloads\wing-commander-saga-prologue.exe
2014-06-27 17:50 - 2014-06-27 17:52 - 00000000 ____D () C:\Users\Lauren\Downloads\Command And Conquer 3 Tiberium Wars
2014-06-26 16:20 - 2014-07-22 09:15 - 00005038 _____ () C:\Windows\setupact.log
2014-06-26 16:20 - 2014-06-26 16:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-25 19:54 - 2014-06-25 20:03 - 401729391 _____ () C:\Users\Lauren\Downloads\7Base - Four Sorceress Armors-48446-2-0.7z
2014-06-25 18:06 - 2014-07-11 16:57 - 00000000 ___DC () C:\Users\Lauren\AppData\Local\MigWiz
2014-06-25 17:59 - 2014-06-25 17:59 - 25214976 _____ () C:\Users\Lauren\Downloads\LogMeIn.msi
2014-06-25 17:36 - 2014-06-26 12:27 - 00000000 ____D () C:\ProgramData\FolderTransfer
2014-06-25 17:36 - 2014-06-25 17:36 - 02362936 _____ () C:\Users\Lauren\Downloads\foldertransfer.zip
2014-06-25 17:26 - 2014-06-25 17:27 - 09312032 _____ (Microsoft Corporation) C:\Users\Lauren\Downloads\wet7xp_x64.exe
2014-06-24 19:33 - 2014-06-24 19:34 - 13025420 _____ (WhatPulse ) C:\Users\Lauren\Downloads\whatpulse-win-2.4.exe
2014-06-22 20:35 - 2014-06-22 20:35 - 07878008 _____ (Microsoft Corporation) C:\Users\Lauren\Downloads\Xbox360_64Eng.exe
2014-06-22 20:08 - 2014-06-22 20:08 - 00000000 ____D () C:\ProgramData\Validity
2014-06-22 20:03 - 2014-06-22 20:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-06-22 20:03 - 2012-09-06 01:47 - 02693240 _____ (Validity Sensors, Inc.) C:\Windows\system32\vcsAPIFORWBF.dll
2014-06-22 20:02 - 2014-05-14 15:08 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2014-06-22 20:02 - 2014-05-14 15:08 - 00125952 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
 
==================== One Month Modified Files and Folders =======
 
2014-07-22 11:39 - 2014-07-22 11:39 - 00032247 _____ () C:\Users\Lauren\Desktop\FRST.txt
2014-07-22 11:39 - 2014-07-22 11:38 - 00000000 ____D () C:\FRST
2014-07-22 11:35 - 2014-07-22 11:36 - 02090496 _____ (Farbar) C:\Users\Lauren\Desktop\FRST64.exe
2014-07-22 11:35 - 2014-07-22 11:35 - 02090496 _____ (Farbar) C:\Users\Lauren\Downloads\FRST64.exe
2014-07-22 11:33 - 2012-04-18 09:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-22 11:11 - 2012-11-10 16:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-22 11:01 - 2012-05-21 14:17 - 00000258 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-07-22 10:01 - 2012-01-27 02:52 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1E80AD34-A1C2-4DC2-88B6-9D9458878640}
2014-07-22 09:51 - 2011-11-29 21:21 - 01333025 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 09:26 - 2014-06-19 15:33 - 00000000 ____D () C:\Users\Lauren\AppData\Local\Adobe
2014-07-22 09:21 - 2009-07-13 22:45 - 00032064 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 09:21 - 2009-07-13 22:45 - 00032064 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 09:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-22 09:16 - 2014-07-08 00:39 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2014-07-22 09:16 - 2012-11-10 16:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-22 09:15 - 2014-07-08 22:19 - 00006754 _____ () C:\Windows\PFRO.log
2014-07-22 09:15 - 2014-06-26 16:20 - 00005038 _____ () C:\Windows\setupact.log
2014-07-22 09:15 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 09:08 - 2013-12-27 22:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-22 09:06 - 2009-07-13 23:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 10:34 - 2014-07-21 10:34 - 00602112 _____ (OldTimer Tools) C:\Users\Lauren\Downloads\OTL.exe
2014-07-21 10:34 - 2014-07-21 10:34 - 00602112 _____ (OldTimer Tools) C:\Users\Lauren\Desktop\OTL.exe
2014-07-21 10:09 - 2011-10-12 17:38 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-07-21 10:08 - 2011-10-12 17:38 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-07-21 10:08 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-21 10:05 - 2012-06-08 17:20 - 00000000 ____D () C:\Users\Lauren\AppData\Roaming\WildTangent
2014-07-21 10:05 - 2011-10-12 17:38 - 00000000 ____D () C:\ProgramData\WildTangent
2014-07-21 09:55 - 2014-07-21 09:55 - 00001226 _____ () C:\Users\Lauren\Desktop\Revo Uninstaller.lnk
2014-07-21 09:55 - 2014-07-21 09:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-21 09:54 - 2014-07-21 09:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lauren\Downloads\revosetup.exe
2014-07-20 23:43 - 2014-07-20 23:42 - 00567080 _____ () C:\Users\Lauren\Downloads\setup(1).exe
2014-07-20 23:42 - 2014-07-20 23:42 - 00567080 _____ () C:\Users\Lauren\Downloads\setup.exe
2014-07-20 23:42 - 2012-08-15 13:55 - 00000000 ____D () C:\Users\Lauren\AppData\Roaming\Mozilla
2014-07-20 23:41 - 2014-07-20 23:41 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-20 23:41 - 2014-07-20 23:41 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-20 23:41 - 2014-07-20 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-20 23:41 - 2012-12-24 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 23:41 - 2012-02-03 22:09 - 00000000 ____D () C:\Users\Lauren\AppData\Local\CrashDumps
2014-07-20 23:40 - 2014-07-20 23:40 - 00284224 _____ (Mozilla) C:\Users\Lauren\Downloads\Firefox Setup Stub 30.0.exe
2014-07-20 23:28 - 2012-01-27 21:35 - 00000000 ____D () C:\Users\Lauren\AppData\Roaming\Skype
2014-07-20 23:16 - 2014-07-20 16:24 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForLauren.job
2014-07-20 18:31 - 2014-05-11 21:53 - 00002232 ____H () C:\Users\Lauren\Documents\Default.rdp
2014-07-20 16:24 - 2014-07-20 16:24 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLauren
2014-07-20 16:23 - 2012-01-30 19:42 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-20 16:22 - 2012-02-06 17:11 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-20 16:18 - 2014-07-03 18:17 - 00002271 _____ () C:\Windows\comsetup.log
2014-07-20 16:18 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-07-18 22:58 - 2014-07-18 21:33 - 00000000 ____D () C:\Users\Lauren\Desktop\SAVED ITEMS!!!
2014-07-18 22:26 - 2013-07-20 07:04 - 00000000 ____D () C:\Users\Lauren\Desktop\Eric's Stuff
2014-07-18 22:04 - 2013-01-19 15:28 - 00000000 ____D () C:\Users\Lauren\Documents\Outlook Files
2014-07-18 22:03 - 2013-02-14 22:59 - 00000000 ____D () C:\Users\Lauren\AppData\Local\E7769A38-323B-4206-A300-C653DD6C913E.aplzod
2014-07-18 21:50 - 2014-07-18 21:50 - 00000000 ____D () C:\Users\Lauren\Documents\TurboTax
2014-07-18 21:41 - 2012-01-27 21:07 - 00000000 ____D () C:\Users\Lauren\Documents\Youcam
2014-07-18 21:34 - 2013-08-03 16:26 - 00000000 ____D () C:\Users\Lauren\Documents\Arma 3
2014-07-17 22:00 - 2013-06-04 16:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-17 09:08 - 2014-05-07 15:19 - 00001257 _____ () C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2014-07-17 09:08 - 2014-05-07 15:17 - 00000000 ____D () C:\Users\Lauren\AppData\Local\Torch
2014-07-12 21:20 - 2014-07-12 21:20 - 00254976 _____ () C:\Users\Lauren\Downloads\jonnewsletter.wiz
2014-07-12 20:18 - 2014-07-12 20:18 - 00025600 _____ () C:\Users\Lauren\Downloads\scriptforretirementinterview.wiz
2014-07-12 13:46 - 2013-02-21 20:28 - 00000132 _____ () C:\Users\Lauren\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-07-11 16:57 - 2014-06-25 18:06 - 00000000 ___DC () C:\Users\Lauren\AppData\Local\MigWiz
2014-07-10 19:04 - 2013-01-19 14:31 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-09 21:58 - 2012-04-18 09:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 21:33 - 2012-04-18 09:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 21:33 - 2011-10-12 17:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 22:52 - 2014-07-08 22:52 - 00339968 _____ () C:\Users\Lauren\Downloads\image (12).jpeg
2014-07-08 22:52 - 2014-07-08 22:52 - 00331776 _____ () C:\Users\Lauren\Downloads\image (14).jpeg
2014-07-08 22:52 - 2014-07-08 22:52 - 00286720 _____ () C:\Users\Lauren\Downloads\image (13).jpeg
2014-07-08 22:27 - 2014-07-08 22:27 - 00307200 _____ () C:\Users\Lauren\Downloads\image (11).jpeg
2014-07-08 22:26 - 2014-07-08 22:26 - 00352256 _____ () C:\Users\Lauren\Downloads\image (7).jpeg
2014-07-08 22:26 - 2014-07-08 22:26 - 00339968 _____ () C:\Users\Lauren\Downloads\image (10).jpeg
2014-07-08 22:26 - 2014-07-08 22:26 - 00319488 _____ () C:\Users\Lauren\Downloads\image (9).jpeg
2014-07-08 22:26 - 2014-07-08 22:26 - 00282624 _____ () C:\Users\Lauren\Downloads\image (8).jpeg
2014-07-08 22:25 - 2014-07-08 22:25 - 00319488 _____ () C:\Users\Lauren\Downloads\image (5).jpeg
2014-07-08 22:25 - 2014-07-08 22:25 - 00294912 _____ () C:\Users\Lauren\Downloads\image (6).jpeg
2014-07-08 22:25 - 2014-07-08 22:25 - 00249856 _____ () C:\Users\Lauren\Downloads\image (4).jpeg
2014-07-08 22:24 - 2014-07-08 22:24 - 00352256 _____ () C:\Users\Lauren\Downloads\image (3).jpeg
2014-07-08 22:24 - 2014-07-08 22:24 - 00339968 _____ () C:\Users\Lauren\Downloads\image (1).jpeg
2014-07-08 22:24 - 2014-07-08 22:24 - 00278528 _____ () C:\Users\Lauren\Downloads\image (2).jpeg
2014-07-08 22:22 - 2014-07-08 22:22 - 00237568 _____ () C:\Users\Lauren\Downloads\image.jpeg
2014-07-08 10:50 - 2013-05-24 07:54 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-08 10:50 - 2013-01-31 17:36 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-08 10:38 - 2012-12-28 08:55 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-08 10:36 - 2014-03-25 10:17 - 00000000 ____D () C:\ProgramData\Orbit
2014-07-08 10:31 - 2014-07-08 10:31 - 00001278 _____ () C:\Users\Lauren\Desktop\Far Cry 3 Language Selector-=AviaRa=-.lnk
2014-07-08 05:12 - 2014-04-07 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-08 00:40 - 2014-07-08 00:40 - 01853264 _____ (BitTorrent Inc.) C:\Users\Lauren\Downloads\uTorrent.exe
2014-07-08 00:39 - 2014-07-08 00:39 - 00012984 _____ () C:\Users\Lauren\Downloads\Far.Cry.3.Update.v1.04-RELOADED.7962332.TPB.torrent
2014-07-08 00:37 - 2014-07-08 00:37 - 01661136 _____ (Torch Media, Inc) C:\Users\Lauren\Downloads\TorchSetupk-r20-n-bc.exe
2014-07-08 00:28 - 2014-07-08 00:28 - 01391485 _____ () C:\Users\Lauren\Downloads\ultralow_settings_mod1.1.zip
2014-07-06 13:53 - 2014-07-06 13:53 - 00000022 _____ () C:\Users\Lauren\Downloads\orbit_api.ini
2014-07-03 11:55 - 2014-03-31 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-29 11:22 - 2014-06-29 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-06-29 11:22 - 2014-06-29 11:21 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-06-29 11:21 - 2014-06-29 11:21 - 09052192 _____ (Cheat Engine ) C:\Users\Lauren\Downloads\CheatEngine64.exe
2014-06-29 07:30 - 2014-06-29 07:28 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-06-29 07:28 - 2014-06-29 07:28 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-06-29 07:25 - 2014-06-29 07:25 - 02143832 _____ () C:\Users\Lauren\Downloads\instsf449.exe
2014-06-28 08:03 - 2013-01-31 17:35 - 00000000 ____D () C:\Users\Lauren\AppData\Local\PunkBuster
2014-06-28 08:02 - 2013-01-29 17:14 - 00000000 ____D () C:\Users\Lauren\Documents\My Games
2014-06-28 07:57 - 2013-05-24 07:54 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-28 07:56 - 2014-06-27 22:16 - 00037022 _____ () C:\Windows\DirectX.log
2014-06-27 23:39 - 2014-03-25 07:44 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-06-27 23:39 - 2011-10-12 17:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-27 22:18 - 2014-06-27 22:18 - 00000000 ____D () C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2014-06-27 22:18 - 2014-06-27 22:18 - 00000000 ____D () C:\Users\Lauren\AppData\Local\Downloaded Installations
2014-06-27 22:18 - 2014-06-27 22:18 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-06-27 22:12 - 2014-06-27 22:12 - 00431104 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-06-27 22:12 - 2014-06-27 22:12 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-06-27 22:12 - 2014-06-27 22:12 - 00116736 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-06-27 22:12 - 2014-06-27 22:12 - 00086016 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-06-27 22:12 - 2014-06-27 22:12 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-06-27 22:11 - 2014-06-27 22:11 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-27 21:42 - 2014-06-27 21:42 - 00613200 _____ () C:\Users\Lauren\Downloads\wing-commander-saga-prologue.exe
2014-06-27 17:52 - 2014-06-27 17:50 - 00000000 ____D () C:\Users\Lauren\Downloads\Command And Conquer 3 Tiberium Wars
2014-06-27 07:51 - 2014-03-16 17:50 - 00000472 _____ () C:\Windows\Tasks\SBW_UpdateTask_Time_323835363539383132302d2337785a326c5b3234342d41.job
2014-06-27 07:51 - 2009-07-13 23:08 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-26 16:20 - 2014-06-26 16:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-26 15:01 - 2013-04-18 19:56 - 00000000 ____D () C:\Users\Lauren\AppData\Roaming\TS3Client
2014-06-26 15:00 - 2014-02-10 18:23 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-06-26 12:27 - 2014-06-25 17:36 - 00000000 ____D () C:\ProgramData\FolderTransfer
2014-06-25 20:03 - 2014-06-25 19:54 - 401729391 _____ () C:\Users\Lauren\Downloads\7Base - Four Sorceress Armors-48446-2-0.7z
2014-06-25 18:04 - 2014-02-10 17:12 - 00000000 ____D () C:\Users\Lauren\AppData\Local\LogMeInIgnition
2014-06-25 18:03 - 2014-02-10 16:40 - 00001024 _____ () C:\.rnd
2014-06-25 17:59 - 2014-06-25 17:59 - 25214976 _____ () C:\Users\Lauren\Downloads\LogMeIn.msi
2014-06-25 17:36 - 2014-06-25 17:36 - 02362936 _____ () C:\Users\Lauren\Downloads\foldertransfer.zip
2014-06-25 17:27 - 2014-06-25 17:26 - 09312032 _____ (Microsoft Corporation) C:\Users\Lauren\Downloads\wet7xp_x64.exe
2014-06-24 19:34 - 2014-06-24 19:33 - 13025420 _____ (WhatPulse ) C:\Users\Lauren\Downloads\whatpulse-win-2.4.exe
2014-06-24 11:10 - 2012-04-17 21:07 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-06-24 10:54 - 2014-05-28 19:00 - 00000000 ____D () C:\Program Files (x86)\BOOMBox Radio Player
2014-06-23 20:35 - 2014-03-19 16:22 - 00000000 ____D () C:\Program Files (x86)\Crytek
2014-06-23 20:33 - 2014-06-10 15:21 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-23 19:57 - 2013-08-10 19:05 - 00000000 ____D () C:\Program Files (x86)\Star Conflict
2014-06-23 19:49 - 2014-06-10 15:17 - 00000000 ____D () C:\Program Files (x86)\Tropico 5
2014-06-23 18:32 - 2014-06-16 19:22 - 00000000 ____D () C:\Program Files (x86)\R.G. Catalyst
2014-06-23 18:32 - 2014-01-19 12:30 - 00000000 ____D () C:\Users\Lauren\AppData\Local\Black_Tree_Gaming
2014-06-23 18:31 - 2014-06-16 19:42 - 00000000 ____D () C:\Users\Lauren\AppData\Local\FalloutNV
2014-06-23 18:31 - 2014-01-19 12:33 - 00000000 ____D () C:\Games
2014-06-23 15:28 - 2013-05-15 17:22 - 00007602 _____ () C:\Users\Lauren\AppData\Local\Resmon.ResmonCfg
2014-06-22 20:35 - 2014-06-22 20:35 - 07878008 _____ (Microsoft Corporation) C:\Users\Lauren\Downloads\Xbox360_64Eng.exe
2014-06-22 20:08 - 2014-06-22 20:08 - 00000000 ____D () C:\ProgramData\Validity
2014-06-22 20:03 - 2014-06-22 20:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-06-22 10:30 - 2014-06-19 20:43 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
 
Files to move or delete:
====================
C:\Users\Lauren\jagex_cl_runescape_LIVE.dat
C:\Users\Lauren\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Lauren\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Lauren\AppData\Local\Temp\sfextra.dll
C:\Users\Lauren\AppData\Local\Temp\ubi33ED.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 00:16
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Lauren at 2014-07-22 11:40:24
Running from C:\Users\Lauren\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.206.1717.117 - Alps Electric)
Any Audio Converter 4.0.6 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Any Video Converter 5.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 Beta (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Atlantis Adventure (HKLM-x32\...\BFG-Atlantis Adventure) (Version:  - )
AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
Banished v1.0.1 (64-bit) (HKLM\...\Banished v1.0.1 (64-bit)1.0.1) (Version: 1.0.1 - Friends in War)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Euro Truck Simulator 2 v1.10.1s (DLC Metallics and East) (HKLM-x32\...\Euro Truck Simulator 2 v1.10.1s (DLC Metallics and East)1.10.1s) (Version: 1.10.1s - Friends in War)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.03 - Ubisoft)
Far Cry 3 Update v1.04-=AviaRa=- 1.04 (HKLM-x32\...\Far Cry 3 Update v1.04-=AviaRa=- 1.04) (Version:  - )
Farm Up (HKLM-x32\...\BFG-Farm Up) (Version:  - )
Firefall (HKLM-x32\...\{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}) (Version:  - Red 5 Studios)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ghost Recon Online (EU) (HKCU\...\d8be6c3f847d7d92) (Version: 1.35.973.2 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{84BD11C9-3AC8-4845-AFB3-39A551618820}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 5510d series Basic Device Software (HKLM\...\{F26D0153-CD17-4662-8592-DD98498DE6E4}) (Version: 25.0.607.0 - Hewlett-Packard Co.)
HP Photosmart 5510d series Help (HKLM-x32\...\{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510d series Product Improvement Study (HKLM\...\{F5551626-0E88-4399-A32D-2F6115CCDD92}) (Version: 25.0.607.0 - Hewlett-Packard Co.)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB67}) (Version: 1.0.3.0 - Hewlett Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000F0}) (Version: 7.0.0 - Oracle)
Java™ 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217000F0}) (Version: 7.0.0 - Oracle)
Jewel Match IV (HKLM-x32\...\BFG-Jewel Match IV) (Version:  - )
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
LogMeIn Hamachi (x32 Version: 2.2.0.105 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROBLOX Player for Lauren (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RollerCoaster Tycoon® 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Soldier Front 2 (HKLM-x32\...\Steam App 239660) (Version:  - Dragonfly)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Conflict (HKLM-x32\...\Steam App 212070) (Version:  - Star Gem Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.6 - En Masse Entertainment)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Tom Clancy's Ghost Recon Online (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Tom Clancy's Splinter Cell Blacklist (HKLM-x32\...\Steam App 235600) (Version:  - Ubisoft Toronto)
Torch (HKCU\...\Torch) (Version: 33.0.0.7326 - Torch Media, Inc) <==== ATTENTION
Towns (HKLM-x32\...\Steam App 221020) (Version:  - Xavi Canal, Ben Palgi)
TurboTax 2012 (HKLM-x32\...\{726DDC29-79B3-41B4-BDBF-97DF25BF1EA8}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2013 (HKLM-x32\...\{1E0FF98D-4AE4-46CC-B624-E771ABD5EA11}) (Version: 1.00.0000 - Intuit Canada)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Vesuvia (HKLM-x32\...\BFG-Vesuvia) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XCOM: Enemy Within (HKLM-x32\...\WENPTUVuZW15V2l0aGlu_is1) (Version: 1 - )
 
==================== Restore Points  =========================
 
28-06-2014 04:12:47 Installed Wing Commander Saga Prologue
28-06-2014 04:15:20 Installed DirectX
28-06-2014 05:39:34 Installed Far Cry 3
28-06-2014 13:54:16 Installed DirectX
30-06-2014 14:59:33 Removed Wing Commander Saga Prologue
21-07-2014 16:02:02 Revo Uninstaller's restore point - WildTangent Games
21-07-2014 16:24:57 Revo Uninstaller's restore point - µTorrent
 
==================== Hosts content: ==========================
 
2014-02-18 22:06 - 2014-05-09 17:49 - 00000835 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0F79FDFB-C25B-4800-A74D-5C3FC3CFAEA9} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {176830C0-3171-4FC4-BEEF-C007FCC15F11} - System32\Tasks\HPCeeScheduleForLauren => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1D3DEBD1-6940-4FA1-BF97-F0A040A96751} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {2432803B-6814-4942-89C2-010271D79AC5} - System32\Tasks\HPCustParticipation HP Photosmart 5510d series => C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16] (Hewlett-Packard Co.)
Task: {2D63C8F0-D0A3-4A3C-B5D4-E9145125D5BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {2F4EF288-88E3-40DD-A0CD-76CBF2B66462} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {40FBB945-8DCD-468E-A3EC-17ADD46BF2F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {41189E06-B464-429E-B96E-D5E43A655707} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {5C6CF8FB-1ECF-4C32-893C-32CFED4CCC39} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)
Task: {60487DEF-5E12-4D44-BE32-DE11CA8F2F9B} - System32\Tasks\{28EDD789-9FA5-4219-BD54-D45D6278A697} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-05-26] (Apple Inc.)
Task: {6A3B5D71-6534-418B-9CEC-A179924DB217} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6A40903F-A114-491B-8424-BDBAB2A41531} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {77C45765-175B-43E5-BE91-40C63DA6C03A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {7EB740EC-EECF-4EA2-B4BC-B6E219A60634} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {8DF6EAA9-D559-45A7-9570-926F04F7D67E} - System32\Tasks\{66AB699F-227F-4550-940B-A022F7E7D7B5} => C:\Program Files (x86)\Atari\RollerCoaster Tycoon® 3\RCT3plus.exe [2005-12-21] (Frontier Developments Ltd)
Task: {96605D47-2D54-480B-9056-095D9995C136} - System32\Tasks\{574BB6E9-B605-4170-BD71-672B5D37AC7A} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-05-26] (Apple Inc.)
Task: {9E18EDE6-D07F-45EC-8FD3-AFB5DCD10570} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9E21C1EF-2A6E-4F59-B0F4-F161FCBDAA15} - \DealPly No Task File <==== ATTENTION
Task: {A01BA2F1-22F6-42F9-8292-40C512F109A1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AD1A7CFF-632F-4E09-85CF-97A5BA28741C} - System32\Tasks\{749318E8-6E70-46C7-B1C9-BB8A8459AB03} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
Task: {B3779F6F-01CD-4E9F-ACEC-40E2EEA06DE8} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {B4083D5A-B081-496F-AA74-C1366673A272} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BB0CDBA8-DD77-4BBA-88C8-5980F2341FF6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)
Task: {C2E049F0-689A-4E4C-BB4C-F54171878BE4} - System32\Tasks\Detect network connection => C:\Windows\SysWOW64\schdiphlp.exe
Task: {C3D5257A-338D-4B3D-862E-7BC847F634BB} - System32\Tasks\{0CFBBCF0-E6E4-48AB-9FD7-3CEB6E62FC47} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
Task: {CA4AA3F3-85EC-47F8-A324-6BFCFE9336D9} - System32\Tasks\AdobeAAMUpdater-1.0-Lauren-HP-Lauren => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {CFB8C104-6C3D-4A16-A42C-535C2B33BC7F} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {D32B59BD-1E3A-44EF-980D-4E1F87136440} - \LaunchApp No Task File <==== ATTENTION
Task: {D4B71290-FA5B-4CA2-AE4B-C66BE78ACAF4} - System32\Tasks\{95F5E89A-1F58-45FC-85FD-9EE821110426} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {D5571872-E7E9-4187-8F1A-E44877FA8D36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {E7ABD842-895A-458B-A44F-8EE6CDC5B76F} - System32\Tasks\Updater21804.exe => C:\Users\Lauren\AppData\Local\Updater21804\Updater21804.exe <==== ATTENTION
Task: {EDE072CF-8E53-4B95-962A-D21CACAA337E} - System32\Tasks\{AF607CDE-7125-41AA-9D4F-960A3769799F} => C:\Users\Lauren\Desktop\Planetside 2\2\Aim Hack.exe
Task: {EE1C3C45-5CCD-42D0-84F7-4C870EC55BE5} - \DTReg No Task File <==== ATTENTION
Task: {FCE6510C-4F0E-4939-8FE4-01C2F3C0044E} - System32\Tasks\{05BAA77B-DB80-4C41-8172-57BCB907497F} => C:\Windows\SysWOW64 [2014-07-09] ()
Task: {FD8BA9F6-3CBA-47C7-9EE0-161C3E39A483} - System32\Tasks\{821AF29A-D3A2-485F-8E9A-0F543D621D07} => C:\Users\Lauren\Desktop\Planetside 2\2\Aim Hack.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLauren.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SBW_UpdateTask_Time_323835363539383132302d2337785a326c5b3234342d41.job => C:\ProgramData\SpeedBit\sbhe.js" sbu.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-18 15:52 - 2014-05-20 10:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-18 20:59 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-05-02 15:41 - 2011-05-02 15:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-05-24 07:54 - 2014-06-28 07:57 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-04-15 12:16 - 2011-04-15 12:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-04 02:36 - 2014-03-04 02:36 - 01011320 _____ () C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
2014-06-18 15:52 - 2014-05-20 04:11 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-07-18 12:15 - 2014-07-15 03:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 12:15 - 2014-07-15 03:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 12:15 - 2014-07-15 03:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 12:15 - 2014-07-15 03:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 12:15 - 2014-07-15 03:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2013-05-20 10:01 - 2013-05-20 10:01 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\fd7fa1aa086fc23a60b1536d346f5657\IsdiInterop.ni.dll
2011-11-29 21:23 - 2011-04-30 02:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:014BC3B4
AlternateDataStreams: C:\ProgramData\Temp:04ADB7A6
AlternateDataStreams: C:\ProgramData\Temp:059167AF
AlternateDataStreams: C:\ProgramData\Temp:05F547A9
AlternateDataStreams: C:\ProgramData\Temp:063969F8
AlternateDataStreams: C:\ProgramData\Temp:073139EC
AlternateDataStreams: C:\ProgramData\Temp:08DB8D99
AlternateDataStreams: C:\ProgramData\Temp:0C65EA0E
AlternateDataStreams: C:\ProgramData\Temp:0DFE2AE1
AlternateDataStreams: C:\ProgramData\Temp:0E5CFA74
AlternateDataStreams: C:\ProgramData\Temp:0E61938B
AlternateDataStreams: C:\ProgramData\Temp:1095ECE1
AlternateDataStreams: C:\ProgramData\Temp:10D45FC3
AlternateDataStreams: C:\ProgramData\Temp:12A012A1
AlternateDataStreams: C:\ProgramData\Temp:12EA4DC9
AlternateDataStreams: C:\ProgramData\Temp:14FA5E46
AlternateDataStreams: C:\ProgramData\Temp:16F2A6FF
AlternateDataStreams: C:\ProgramData\Temp:18897B1D
AlternateDataStreams: C:\ProgramData\Temp:1A4BF204
AlternateDataStreams: C:\ProgramData\Temp:1ADC4BD5
AlternateDataStreams: C:\ProgramData\Temp:1B3549F2
AlternateDataStreams: C:\ProgramData\Temp:1B9E79B3
AlternateDataStreams: C:\ProgramData\Temp:217A2A36
AlternateDataStreams: C:\ProgramData\Temp:2216A431
AlternateDataStreams: C:\ProgramData\Temp:27C3CD07
AlternateDataStreams: C:\ProgramData\Temp:29C0641D
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2CED8825
AlternateDataStreams: C:\ProgramData\Temp:2EB79F01
AlternateDataStreams: C:\ProgramData\Temp:302ECBD6
AlternateDataStreams: C:\ProgramData\Temp:30E0D641
AlternateDataStreams: C:\ProgramData\Temp:330E66BD
AlternateDataStreams: C:\ProgramData\Temp:33384BC0
AlternateDataStreams: C:\ProgramData\Temp:35629AE6
AlternateDataStreams: C:\ProgramData\Temp:36608448
AlternateDataStreams: C:\ProgramData\Temp:36A39835
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:37994DBE
AlternateDataStreams: C:\ProgramData\Temp:38D2EA83
AlternateDataStreams: C:\ProgramData\Temp:38E2864F
AlternateDataStreams: C:\ProgramData\Temp:395F6776
AlternateDataStreams: C:\ProgramData\Temp:3B07E6F4
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF
AlternateDataStreams: C:\ProgramData\Temp:4149A170
AlternateDataStreams: C:\ProgramData\Temp:436BE28C
AlternateDataStreams: C:\ProgramData\Temp:43E95997
AlternateDataStreams: C:\ProgramData\Temp:471AD3D0
AlternateDataStreams: C:\ProgramData\Temp:49EB0FDC
AlternateDataStreams: C:\ProgramData\Temp:4A966CC2
AlternateDataStreams: C:\ProgramData\Temp:4B244549
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:4B70A9FA
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5
AlternateDataStreams: C:\ProgramData\Temp:4EF94CF3
AlternateDataStreams: C:\ProgramData\Temp:4F96D8E6
AlternateDataStreams: C:\ProgramData\Temp:517B507A
AlternateDataStreams: C:\ProgramData\Temp:517DBC32
AlternateDataStreams: C:\ProgramData\Temp:52B3B2D1
AlternateDataStreams: C:\ProgramData\Temp:52E1DB1D
AlternateDataStreams: C:\ProgramData\Temp:54531C7D
AlternateDataStreams: C:\ProgramData\Temp:56C66609
AlternateDataStreams: C:\ProgramData\Temp:56F368C9
AlternateDataStreams: C:\ProgramData\Temp:57173DB4
AlternateDataStreams: C:\ProgramData\Temp:57619D72
AlternateDataStreams: C:\ProgramData\Temp:59846E5E
AlternateDataStreams: C:\ProgramData\Temp:5A8F8A0C
AlternateDataStreams: C:\ProgramData\Temp:5AE33054
AlternateDataStreams: C:\ProgramData\Temp:5C0940F1
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B
AlternateDataStreams: C:\ProgramData\Temp:5DB4FD98
AlternateDataStreams: C:\ProgramData\Temp:5F1019FF
AlternateDataStreams: C:\ProgramData\Temp:60E0AB2A
AlternateDataStreams: C:\ProgramData\Temp:6301CE40
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9
AlternateDataStreams: C:\ProgramData\Temp:640DDEFF
AlternateDataStreams: C:\ProgramData\Temp:68FC22BD
AlternateDataStreams: C:\ProgramData\Temp:69FE2EE4
AlternateDataStreams: C:\ProgramData\Temp:6CEC50B4
AlternateDataStreams: C:\ProgramData\Temp:6D5A15BF
AlternateDataStreams: C:\ProgramData\Temp:6E3C585B
AlternateDataStreams: C:\ProgramData\Temp:701B92FB
AlternateDataStreams: C:\ProgramData\Temp:708BB0FA
AlternateDataStreams: C:\ProgramData\Temp:73B78E79
AlternateDataStreams: C:\ProgramData\Temp:76466F4C
AlternateDataStreams: C:\ProgramData\Temp:7920E530
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA
AlternateDataStreams: C:\ProgramData\Temp:7D288858
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA
AlternateDataStreams: C:\ProgramData\Temp:7ECD9621
AlternateDataStreams: C:\ProgramData\Temp:82756AB7
AlternateDataStreams: C:\ProgramData\Temp:84FA02E7
AlternateDataStreams: C:\ProgramData\Temp:884C7316
AlternateDataStreams: C:\ProgramData\Temp:8967C154
AlternateDataStreams: C:\ProgramData\Temp:896FF808
AlternateDataStreams: C:\ProgramData\Temp:8AA99C0C
AlternateDataStreams: C:\ProgramData\Temp:8AC20936
AlternateDataStreams: C:\ProgramData\Temp:8B3C3098
AlternateDataStreams: C:\ProgramData\Temp:8B69E3C3
AlternateDataStreams: C:\ProgramData\Temp:8C81B36D
AlternateDataStreams: C:\ProgramData\Temp:8DD36B71
AlternateDataStreams: C:\ProgramData\Temp:902C848D
AlternateDataStreams: C:\ProgramData\Temp:908A1B53
AlternateDataStreams: C:\ProgramData\Temp:933D54A9
AlternateDataStreams: C:\ProgramData\Temp:9547F1DB
AlternateDataStreams: C:\ProgramData\Temp:957E9765
AlternateDataStreams: C:\ProgramData\Temp:961B4D58
AlternateDataStreams: C:\ProgramData\Temp:96646EC1
AlternateDataStreams: C:\ProgramData\Temp:966CEAE7
AlternateDataStreams: C:\ProgramData\Temp:97B3B270
AlternateDataStreams: C:\ProgramData\Temp:9D5BB34A
AlternateDataStreams: C:\ProgramData\Temp:9E0656EC
AlternateDataStreams: C:\ProgramData\Temp:A0C7D68A
AlternateDataStreams: C:\ProgramData\Temp:A1023D41
AlternateDataStreams: C:\ProgramData\Temp:A17CCD03
AlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0
AlternateDataStreams: C:\ProgramData\Temp:A2907225
AlternateDataStreams: C:\ProgramData\Temp:A2B3764A
AlternateDataStreams: C:\ProgramData\Temp:A3840F5B
AlternateDataStreams: C:\ProgramData\Temp:A3E39C6A
AlternateDataStreams: C:\ProgramData\Temp:A41FEAA2
AlternateDataStreams: C:\ProgramData\Temp:A5264343
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24
AlternateDataStreams: C:\ProgramData\Temp:A7BB14DF
AlternateDataStreams: C:\ProgramData\Temp:A97FF73C
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
AlternateDataStreams: C:\ProgramData\Temp:AE289451
AlternateDataStreams: C:\ProgramData\Temp:B093E177
AlternateDataStreams: C:\ProgramData\Temp:B12D1A7D
AlternateDataStreams: C:\ProgramData\Temp:B285A50E
AlternateDataStreams: C:\ProgramData\Temp:B2D32F1D
AlternateDataStreams: C:\ProgramData\Temp:B3942462
AlternateDataStreams: C:\ProgramData\Temp:B3D50E25
AlternateDataStreams: C:\ProgramData\Temp:B722BCE5
AlternateDataStreams: C:\ProgramData\Temp:B761039D
AlternateDataStreams: C:\ProgramData\Temp:BA24E689
AlternateDataStreams: C:\ProgramData\Temp:BAC2F271
AlternateDataStreams: C:\ProgramData\Temp:BCDC6E07
AlternateDataStreams: C:\ProgramData\Temp:C0A2E219
AlternateDataStreams: C:\ProgramData\Temp:C69BA1D0
AlternateDataStreams: C:\ProgramData\Temp:C82210DD
AlternateDataStreams: C:\ProgramData\Temp:C86B29EB
AlternateDataStreams: C:\ProgramData\Temp:CB959782
AlternateDataStreams: C:\ProgramData\Temp:CC386FD2
AlternateDataStreams: C:\ProgramData\Temp:CC7382F6
AlternateDataStreams: C:\ProgramData\Temp:CC7738DB
AlternateDataStreams: C:\ProgramData\Temp:CE6885F1
AlternateDataStreams: C:\ProgramData\Temp:D0AB0B4A
AlternateDataStreams: C:\ProgramData\Temp:D254266B
AlternateDataStreams: C:\ProgramData\Temp:D8134D8F
AlternateDataStreams: C:\ProgramData\Temp:D987CB43
AlternateDataStreams: C:\ProgramData\Temp:D9987109
AlternateDataStreams: C:\ProgramData\Temp:DA18D4E3
AlternateDataStreams: C:\ProgramData\Temp:DCA79AB3
AlternateDataStreams: C:\ProgramData\Temp:DCB27118
AlternateDataStreams: C:\ProgramData\Temp:DDEB08FD
AlternateDataStreams: C:\ProgramData\Temp:DF30C7A6
AlternateDataStreams: C:\ProgramData\Temp:E0848D16
AlternateDataStreams: C:\ProgramData\Temp:E0AE69BE
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E6537A16
AlternateDataStreams: C:\ProgramData\Temp:E9900C74
AlternateDataStreams: C:\ProgramData\Temp:EA701346
AlternateDataStreams: C:\ProgramData\Temp:EA7D76BE
AlternateDataStreams: C:\ProgramData\Temp:EB333CFC
AlternateDataStreams: C:\ProgramData\Temp:EB5BDBB0
AlternateDataStreams: C:\ProgramData\Temp:EC0279DC
AlternateDataStreams: C:\ProgramData\Temp:ED9B661E
AlternateDataStreams: C:\ProgramData\Temp:EDE28CFC
AlternateDataStreams: C:\ProgramData\Temp:EE7AAC75
AlternateDataStreams: C:\ProgramData\Temp:EFECABA9
AlternateDataStreams: C:\ProgramData\Temp:F2327E82
AlternateDataStreams: C:\ProgramData\Temp:F422F8F1
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE
AlternateDataStreams: C:\ProgramData\Temp:F67947AF
AlternateDataStreams: C:\ProgramData\Temp:F67AAFC5
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^Users^Lauren^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: 10522Hagsclub launcher.exe => C:\Users\Lauren\AppData\Roaming\10522Hagsclub launcher.exe
MSCONFIG\startupreg: 21499Hagsclub launcher.exe => C:\Users\Lauren\AppData\Roaming\21499Hagsclub launcher.exe
MSCONFIG\startupreg: 30975Hagsclub launcher.exe => C:\Users\Lauren\AppData\Roaming\30975Hagsclub launcher.exe
MSCONFIG\startupreg: 44181Hagsclub launcher.exe => C:\Users\Lauren\AppData\Roaming\44181Hagsclub launcher.exe
MSCONFIG\startupreg: 49841Hagsclub launcher.exe => C:\Users\Lauren\AppData\Roaming\49841Hagsclub launcher.exe
MSCONFIG\startupreg: 61618Hagsclub launcher.exe => C:\Users\Lauren\AppData\Roaming\61618Hagsclub launcher.exe
MSCONFIG\startupreg: 78926Hagsclub launcher.exe => C:\Users\Lauren\AppData\Roaming\78926Hagsclub launcher.exe
MSCONFIG\startupreg: 9629A16598E92D4D624DF764199A5485B6307E57._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeUpdate => wscript "C:\Users\Lauren\AppData\Roaming\Adobe32\invis.vbs" "C:\Users\Lauren\AppData\Roaming\Adobe32\bat.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Lauren\AppData\Local\Smartbar\Application\SnapDo.exe startup
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: ConduitFloatingPlugin_dnmlhhbehhdmajijfenoldcajelckpmn => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3291327\plugins\TBVerifier.dll",RunConduitFloatingPlugin dnmlhhbehhdmajijfenoldcajelckpmn
MSCONFIG\startupreg: FastFox => "C:\Program Files (x86)\NCH Software\FastFox\fastfox.exe" -logon
MSCONFIG\startupreg: GoogleChromeAutoLaunch_5A7CED7E60360B541D5D45B04E2E9E47 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP CoolSense => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Razer Comms => C:\Program Files (x86)\Razer\Comms\ChatApplet.exe
MSCONFIG\startupreg: RazerGameBooster => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SearchProtect => C:\Users\Lauren\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: X5XSEx_Pr143
Description: X5XSEx_Pr143
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: X5XSEx_Pr143
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/22/2014 09:15:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6341.0, time stamp: 0x4ddf1a4c
Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp: 0x52a02f91
Exception code: 0xc0000005
Fault offset: 0x00000000000303f2
Faulting process id: 0x4c8
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3
 
Error: (07/21/2014 00:10:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6341.0, time stamp: 0x4ddf1a4c
Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp: 0x52a02f91
Exception code: 0xc0000005
Fault offset: 0x00000000000303f2
Faulting process id: 0x490
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3
 
Error: (07/20/2014 11:41:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: torch.exe, version: 33.0.0.7326, time stamp: 0x53bdfe4c
Faulting module name: torch.exe, version: 33.0.0.7326, time stamp: 0x53bdfe4c
Exception code: 0x40000015
Fault offset: 0x0004843e
Faulting process id: 0x16e4
Faulting application start time: 0xtorch.exe0
Faulting application path: torch.exe1
Faulting module path: torch.exe2
Report Id: torch.exe3
 
Error: (07/20/2014 11:31:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6341.0, time stamp: 0x4ddf1a4c
Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp: 0x52a02f91
Exception code: 0xc0000005
Fault offset: 0x000000000005285f
Faulting process id: 0x514
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3
 
Error: (07/20/2014 11:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6341.0, time stamp: 0x4ddf1a4c
Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp: 0x52a02f91
Exception code: 0xc0000005
Fault offset: 0x00000000000303f2
Faulting process id: 0x4c4
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3
 
Error: (07/20/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/20/2014 04:11:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6341.0, time stamp: 0x4ddf1a4c
Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp: 0x52a02f91
Exception code: 0xc0000005
Fault offset: 0x000000000005285f
Faulting process id: 0x50c
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3
 
Error: (07/20/2014 02:59:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6341.0, time stamp: 0x4ddf1a4c
Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp: 0x52a02f91
Exception code: 0xc0000005
Fault offset: 0x000000000005285f
Faulting process id: 0x510
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3
 
Error: (07/19/2014 10:39:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6341.0, time stamp: 0x4ddf1a4c
Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp: 0x52a02f91
Exception code: 0xc0000005
Fault offset: 0x000000000005285f
Faulting process id: 0x4d0
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3
 
Error: (07/19/2014 10:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6341.0, time stamp: 0x4ddf1a4c
Faulting module name: stapi64.dll, version: 1.0.6498.0, time stamp: 0x52a02f91
Exception code: 0xc0000005
Fault offset: 0x00000000000303f2
Faulting process id: 0x4c8
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3
 
 
System errors:
=============
Error: (07/22/2014 09:16:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
amdkmafd
 
Error: (07/22/2014 09:16:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Audio Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/22/2014 09:16:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: 
%%2
 
Error: (07/22/2014 09:16:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx_Pr143 service failed to start due to the following error: 
%%3
 
Error: (07/22/2014 09:14:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (07/22/2014 09:14:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (07/22/2014 09:14:09 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (07/22/2014 09:09:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (07/22/2014 09:09:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (07/22/2014 09:09:20 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
 
Microsoft Office Sessions:
=========================
Error: (07/22/2014 09:15:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV64.exe1.0.6341.04ddf1a4cstapi64.dll1.0.6498.052a02f91c000000500000000000303f24c801cfa5bfcc93412eC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\stapi64.dll13426178-11b3-11e4-be70-101f74fadaf2
 
Error: (07/21/2014 00:10:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV64.exe1.0.6341.04ddf1a4cstapi64.dll1.0.6498.052a02f91c000000500000000000303f249001cfa4aa6d5bb856C:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\stapi64.dllb40ad8a0-109d-11e4-8df8-101f74fadaf2
 
Error: (07/20/2014 11:41:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: torch.exe33.0.0.732653bdfe4ctorch.exe33.0.0.732653bdfe4c400000150004843e16e401cfa4a6513c9c25C:\Users\Lauren\AppData\Local\Torch\Application\torch.exeC:\Users\Lauren\AppData\Local\Torch\Application\torch.exe989eb512-1099-11e4-9eb6-101f74fadaf2
 
Error: (07/20/2014 11:31:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV64.exe1.0.6341.04ddf1a4cstapi64.dll1.0.6498.052a02f91c0000005000000000005285f51401cfa4a4fd2902adC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\stapi64.dll43df4717-1098-11e4-9eb6-101f74fadaf2
 
Error: (07/20/2014 11:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV64.exe1.0.6341.04ddf1a4cstapi64.dll1.0.6498.052a02f91c000000500000000000303f24c401cfa4a2d90e02f9C:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\stapi64.dll1fbf84a3-1096-11e4-9cdf-101f74fadaf2
 
Error: (07/20/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/20/2014 04:11:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV64.exe1.0.6341.04ddf1a4cstapi64.dll1.0.6498.052a02f91c0000005000000000005285f50c01cfa4678c5a3ea1C:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\stapi64.dlld3238e0e-105a-11e4-8b03-101f74fadaf2
 
Error: (07/20/2014 02:59:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV64.exe1.0.6341.04ddf1a4cstapi64.dll1.0.6498.052a02f91c0000005000000000005285f51001cfa45d67081dccC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\stapi64.dlladc0c397-1050-11e4-9860-101f74fadaf2
 
Error: (07/19/2014 10:39:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV64.exe1.0.6341.04ddf1a4cstapi64.dll1.0.6498.052a02f91c0000005000000000005285f4d001cfa3d4972d6e72C:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\stapi64.dlldddef01c-0fc7-11e4-809e-101f74fadaf2
 
Error: (07/19/2014 10:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV64.exe1.0.6341.04ddf1a4cstapi64.dll1.0.6498.052a02f91c000000500000000000303f24c801cfa3d33260100dC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\stapi64.dll791fd9f9-0fc6-11e4-944a-101f74fadaf2
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-27 12:47:54.016
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-27 12:47:54.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-27 12:47:54.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-27 12:47:54.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-13 04:19:18.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-13 04:19:18.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-13 04:19:18.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-13 04:19:18.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-07 00:46:12.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-07 00:46:12.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 6091.86 MB
Available physical RAM: 3116.7 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 9065.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (PC) (Fixed) (Total:672.82 GB) (Free:61.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:25.62 GB) (Free:6.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive k: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: AF00E73A)
Partition 1: (Not Active) - (Size=198 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=673 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=26 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
The  aswMBR Log:  is taking a long time so I will post it when it finishes.

  • 0

#6
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Okay, Triskelion. I will return once you have posted the aswMBR log. :)


  • 0

#7
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 652 posts

Okay Adam... 

Here is the log

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-22 13:36:36
-----------------------------
13:36:36.413    OS Version: Windows x64 6.1.7601 Service Pack 1
13:36:36.413    Number of processors: 4 586 0x2A07
13:36:36.414    ComputerName: LAUREN-HP  UserName: Lauren
13:36:39.664    Initialize success
13:36:39.664    VM: initialized successfully
13:36:39.677    VM: Intel CPU supported 
13:36:42.103    VM: supported disk I/O ataport.SYS
13:37:18.046    AVAST engine defs: 14072200
13:37:23.461    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:37:23.463    Disk 0 Vendor: Hitachi_HTS547575A9E384 JE4OA50A Size: 715404MB BusType: 11
13:37:24.028    Disk 0 MBR read successfully
13:37:24.030    Disk 0 MBR scan
13:37:24.035    Disk 0 Windows 7 default MBR code
13:37:24.058    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS          198 MB offset 2048
13:37:24.077    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       688967 MB offset 409600
13:37:24.088    Disk 0 default boot code
13:37:24.131    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        26235 MB offset 1411414016
13:37:24.656    Disk 0 scanning C:\Windows\system32\drivers
13:38:30.911    Service scanning
13:39:11.469    Modules scanning
13:39:11.473    Disk 0 trace - called modules:
13:39:11.576    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
13:39:11.581    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068a8060]
13:39:11.585    3 CLASSPNP.SYS[fffff88001cfe43f] -> nt!IofCallDriver -> [0xfffffa800673ab10]
13:39:11.589    5 hpdskflt.sys[fffff8800183c189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80065fd060]
13:39:14.604    AVAST engine scan C:\
13:40:18.149    File: C:\AdwCleaner\Quarantine\C\Program Files (x86)\Pirrit\IEExtension\IEExtension.dll.vir  **INFECTED** MSIL:PirritSuggestor-A [Adw]
19:15:33.941    Scan finished successfully
09:36:53.106    Disk 0 MBR has been saved successfully to "C:\Users\Lauren\Desktop\MBR.dat"
09:36:53.110    The log file has been saved successfully to "C:\Users\Lauren\Desktop\aswMBR.txt"

  • 0

#8
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Triskelion,
 
From your logs I can see clear usage of P2P filesharing. There may be a number of cracked games present as well. Whilst the P2P software (uTorrent) was removed recently, the files downloaded are still present - some of which may be part of cracked software such as games. I must issue this warning on the usage of P2P filesharing (which you may wish to show to the main user of the machine), and ask you to proceed by running the following scan. 
 

goGMWSt.gifP2P WARNING

------------------------------

I see you have, or have had peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - wormsbackdoor TrojansIRCBots, and rootkits propagate via P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. For more information please refer to the following articles: 

Risks of File-Sharing Technology
P2P Software User Advisories
More malware is traveling on P2P networks these days

 
XrDFflh.png CKScanner

  • Please download CKScanner and save the file to your Desktop.
  • Right-Click CKScanner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Please run this programme only once.
  • A log (CKFiles.txt) will be created on your desktopCopy the contents of the log and paste in your next reply.

  • 0

#9
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 652 posts

I had a feeling that was going to be the case when I looked at her computer. That would be the work of her brother and his gaming habits.

I will run the scan tomorrow morning when I get back to the computer.

 

She has let me know that we are free to rid the PC of ANYTHING... so please feel free to remove anything in your fix with impunity.

She has saved anything of importance already.

 

See you tomorrow.

 

- T


  • 0

#10
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 652 posts

Morning Adam.

Here are the contents of CKscanner

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\winrar password cracker\7z.dll
c:\program files (x86)\winrar password cracker\7z64.dll
c:\program files (x86)\winrar password cracker\dict.lst
c:\program files (x86)\winrar password cracker\eula.rtf
c:\program files (x86)\winrar password cracker\help.chm
c:\program files (x86)\winrar password cracker\microsoft.windowsapicodepack.dll
c:\program files (x86)\winrar password cracker\microsoft.windowsapicodepack.shell.dll
c:\program files (x86)\winrar password cracker\rarpassrecovery.exe
c:\program files (x86)\winrar password cracker\rarpassrecovery.exe.config
c:\program files (x86)\winrar password cracker\rarpassrecoverystarter.exe
c:\program files (x86)\winrar password cracker\rarpassrecoverystarter.exe.ini
c:\program files (x86)\winrar password cracker\sevenzipsharp.dll
c:\program files (x86)\winrar password cracker\system.core.dll
c:\program files (x86)\winrar password cracker\system.threading.dll
c:\program files (x86)\winrar password cracker\uninstall.lnk
c:\program files (x86)\winrar password cracker\webtooker.appframework.dll
c:\program files (x86)\winrar password cracker\webtooker.appupdate.dll
c:\program files (x86)\winrar password cracker\webtooker.drawing.dll
c:\program files (x86)\winrar password cracker\webtooker.framework.dll
c:\program files (x86)\winrar password cracker\webtooker.wepassrecover.domain.dll
c:\program files (x86)\winrar password cracker\webtooker.wepassrecover.domain.dll.config
c:\program files (x86)\winrar password cracker\webtooker.wepassrecover.presentation.dll
c:\program files (x86)\winrar password cracker\webtooker.werarpassrecover.core.dll
c:\program files (x86)\winrar password cracker\webtooker.win32.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.animations.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.forms.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.forms.ribbons.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.forms.ribbons.xmlserializers.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.forms.widgets.dll
c:\program files (x86)\winrar password cracker\bg\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\de\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\es-mx\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\fr\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\it\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\lt\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\nl\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\pt-br\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\ru\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\zh-chs\webtooker.windows.resources.dll
c:\program files (x86)\winrar password cracker\zh-cn\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\zh-hans\webtooker.windows.forms.ribbons.resources.dll
c:\program files (x86)\winrar password cracker\zh-tw\webtooker.appupdate.resources.dll
c:\users\lauren\appdata\local\winrarpasswordcracker.com\rarpassrecovery.exe_url_2qmuvty345aa2epbp3e0gs2ksm5dyycs\4.2.0.0\user.config
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded\crack\fc3.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded\crack\fc3_d3d11.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded\crack\orbit_api.ini
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded\crack\ubiorbitapi_r2_loader.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded\crack\uplay_r1_loader.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.03-reloaded\crack\fc3.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.03-reloaded\crack\fc3_d3d11.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.03-reloaded\crack\orbit_api.ini
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.03-reloaded\crack\ubiorbitapi_r2_loader.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.03-reloaded\crack\uplay_r1_loader.dll
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\lauren\downloads\bigfish-games---westward-+-crack.rar
c:\users\lauren\music\itunes\itunes media\music\eminem, dr. dre & 50 cent\crack a bottle - single\01 crack a bottle (single version).m4a
c:\users\lauren\music\itunes\itunes media\music\eminem, dr. dre & 50 cent\crack a bottle - single\desktop.ini
scanner sequence 3.ZZ.11.WJNALZ
 ----- EOF ----- 

  • 0

Advertisements


#11
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Triskelion, 
 
As you can see, there are various cracks for different games. For example:

  • c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded\crack\fc3.dll
  • c:\users\lauren\downloads\bigfish-games---westward-+-crack.rar

Participating in the usage of cracked software will make the computer continuously susceptible to malware infection. Before we can proceed all cracks must be removed from the computer; proceeding without doing so would otherwise be a pointless exercise. Unless all cracks are removed, and the usage of such software ceased, the computer will be repeatedly infected.
 
I understand that this is not your machine, and you are not responsible for the installation of such software. Perhaps it would be best to discuss this issue with the main user. I will provide a standard warning usually issued to those found with such software - you may wish to show this warning as well. 
 

goGMWSt.gifCRACKED SOFTWARE WARNING

------------------------------

One or more of the identified infections are a result of downloading cracked/pirated/keygen software. Participating in the use of such software is not only illegal but also a major security riskWe do not approve of nor support illegal software.

Cracked software is not only unethical and illegal; it is also a major security risk – your infected computer is evidence of this. Malware authors promote and release c racked software to spread their infections. I strongly recommend you refrain from participating in this activity; otherwise your machine will be repeatedly infected. Even visiting a cracked software site can result in infection via drive-by exploits of programmes or your Operating System.

Cracked software, cracking tools and keygens are all a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your hard drive and reinstall the Operating System. For more information, please refer to the following article.

I am prepared to continue helping you remove the infections present on your machine as long as you remove all traces of cracked software.

 
Once you have discussed this issue with the main user of the machine, please re-run CKScanner once more. You may need to ask the main user exactly which programmes/files are cracked in order to remove all cracked software from the machine. 
 
I am more than happy to proceed with the cleaning of this machine once the cracked software present is removed.


  • 0

#12
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 652 posts

Should I just remove EVERYTHING in the scan? I have her permission


  • 0

#13
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Triskelion, 
 

Should I just remove EVERYTHING in the scan? I have her permission

Not everything identified in the log is necessarily cracked software. On the otherhand, there may be cracked software on the machine that is not identified in the log. However, if the following files and software are removed, I am prepared to proceed with the removal process as this situation is different to other cases.
 
The list below may not be all inclusive; please be aware if the laptop is reinfected in the future with cracked software still present, help may be refused on this basis. I strongly encourage you to speak with the main user of the machine after we finish here, and inform him of the risks associated with P2P, torrents, and most importantly, cracked/pirated software.

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for Far Cry 3 Update v1.04-=AviaRa=- 1.04, right-click and click Uninstall. 
  • Follow the prompts.
     

Using Windows Explorer, please delete the following folders/files (if present):

  • c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded
  • C:\ProgramData\Orbit
  • C:\Program Files (x86)\R.G. Catalyst
  • C:\Users\Lauren\Downloads\orbit_api.ini
  • C:\Users\Lauren\Downloads\Far.Cry.3.Update.v1.04-RELOADED.7962332.TPB.torrent
     

Once done, please run CKScanner one more time and post the log generated. We will begin afterwards.


  • 0

#14
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 652 posts

Hi Adam;

 

Files removed.. Here is the list.

Remember, feel free to remove anything and everything that you think should be removed.

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\winrar password cracker\7z.dll
c:\program files (x86)\winrar password cracker\7z64.dll
c:\program files (x86)\winrar password cracker\dict.lst
c:\program files (x86)\winrar password cracker\eula.rtf
c:\program files (x86)\winrar password cracker\help.chm
c:\program files (x86)\winrar password cracker\microsoft.windowsapicodepack.dll
c:\program files (x86)\winrar password cracker\microsoft.windowsapicodepack.shell.dll
c:\program files (x86)\winrar password cracker\rarpassrecovery.exe
c:\program files (x86)\winrar password cracker\rarpassrecovery.exe.config
c:\program files (x86)\winrar password cracker\rarpassrecoverystarter.exe
c:\program files (x86)\winrar password cracker\rarpassrecoverystarter.exe.ini
c:\program files (x86)\winrar password cracker\sevenzipsharp.dll
c:\program files (x86)\winrar password cracker\system.core.dll
c:\program files (x86)\winrar password cracker\system.threading.dll
c:\program files (x86)\winrar password cracker\uninstall.lnk
c:\program files (x86)\winrar password cracker\webtooker.appframework.dll
c:\program files (x86)\winrar password cracker\webtooker.appupdate.dll
c:\program files (x86)\winrar password cracker\webtooker.drawing.dll
c:\program files (x86)\winrar password cracker\webtooker.framework.dll
c:\program files (x86)\winrar password cracker\webtooker.wepassrecover.domain.dll
c:\program files (x86)\winrar password cracker\webtooker.wepassrecover.domain.dll.config
c:\program files (x86)\winrar password cracker\webtooker.wepassrecover.presentation.dll
c:\program files (x86)\winrar password cracker\webtooker.werarpassrecover.core.dll
c:\program files (x86)\winrar password cracker\webtooker.win32.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.animations.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.forms.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.forms.ribbons.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.forms.ribbons.xmlserializers.dll
c:\program files (x86)\winrar password cracker\webtooker.windows.forms.widgets.dll
c:\program files (x86)\winrar password cracker\bg\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\de\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\es-mx\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\fr\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\it\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\lt\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\nl\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\pt-br\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\ru\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\zh-chs\webtooker.windows.resources.dll
c:\program files (x86)\winrar password cracker\zh-cn\webtooker.appupdate.resources.dll
c:\program files (x86)\winrar password cracker\zh-hans\webtooker.windows.forms.ribbons.resources.dll
c:\program files (x86)\winrar password cracker\zh-tw\webtooker.appupdate.resources.dll
c:\users\lauren\appdata\local\winrarpasswordcracker.com\rarpassrecovery.exe_url_2qmuvty345aa2epbp3e0gs2ksm5dyycs\4.2.0.0\user.config
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded\crack\fc3.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded\crack\fc3_d3d11.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded\crack\orbit_api.ini
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded\crack\ubiorbitapi_r2_loader.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.02-reloaded\crack\uplay_r1_loader.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.03-reloaded\crack\fc3.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.03-reloaded\crack\fc3_d3d11.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.03-reloaded\crack\orbit_api.ini
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.03-reloaded\crack\ubiorbitapi_r2_loader.dll
c:\users\lauren\desktop\eric's stuff\far.cry.3.update.v1.03-reloaded\crack\uplay_r1_loader.dll
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_3\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\lauren\documents\battlefield play4free\mods\main\cache\{d7b78e66-4256-11cf-c87a-5a36a9c2c535}_249386_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\lauren\downloads\bigfish-games---westward-+-crack.rar
c:\users\lauren\music\itunes\itunes media\music\eminem, dr. dre & 50 cent\crack a bottle - single\01 crack a bottle (single version).m4a
c:\users\lauren\music\itunes\itunes media\music\eminem, dr. dre & 50 cent\crack a bottle - single\desktop.ini
scanner sequence 3.ZZ.11.RWABAB
 ----- EOF ----- 

  • 0

#15
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Triskelion,
 

Files removed.. Here is the list.

Okay, thank you. Lets proceed. 
 
STEP 1
EtQetiM.png Uninstall Software

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programme, right-click and click Uninstall.
    • Torch
  • Follow the prompts. Ensure you carefully read each page of the uninstaller, and do not inadvertently agree to the installation of additional software. 
  • Reboot if necessary.
     

STEP 2
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    (Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
    SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
    SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
    SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
    FF Keyword.URL: hxxp://go.speedbit.com/search.aspx?s=Unknown&q=
    FF DefaultSearchEngine: Speedbit
    R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2541688 2014-03-04] (Speedbit Ltd.)
    Task: C:\Windows\Tasks\SBW_UpdateTask_Time_323835363539383132302d2337785a326c5b3234342d41.job => C:\ProgramData\SpeedBit\sbhe.js" sbu.exe
    C:\Windows\Tasks\SBW_UpdateTask_Time_323835363539383132302d2337785a326c5b3234342d41.job
    2014-03-04 02:36 - 2014-03-04 02:36 - 01011320 _____ () C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
    R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41368 2014-03-04] ()
    2014-06-27 07:51 - 2014-03-16 17:50 - 00000472 _____ () C:\Windows\Tasks\SBW_UpdateTask_Time_323835363539383132302d2337785a326c5b3234342d41.job
    C:\Program Files\Common Files\SpeedBit
    C:\ProgramData\SpeedBit
    (TorchMedia Inc.) C:\Users\Lauren\AppData\Local\Torch\Update\TorchCrashHandler.exe
    R2 TorchCrashHandler; C:\Users\Lauren\AppData\Local\Torch\Update\TorchCrashHandler.exe [1216520 2014-07-09] (TorchMedia Inc.)
    2014-07-08 00:39 - 2014-07-22 09:16 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
    2014-07-08 00:37 - 2014-07-08 00:37 - 01661136 _____ (Torch Media, Inc) C:\Users\Lauren\Downloads\TorchSetupk-r20-n-bc.exe
    2014-07-17 09:08 - 2014-05-07 15:19 - 00001257 _____ () C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    2014-07-17 09:08 - 2014-05-07 15:17 - 00000000 ____D () C:\Users\Lauren\AppData\Local\Torch
    HKU\.DEFAULT\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
    FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
    S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
    C:\Program Files (x86)\Free Ride Games
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    SearchScopes: HKCU - {19E2B84A-76AB-4A61-83E6-7CD18211855F} URL = http://search.condui...rchTerms}&SSPV=
    SearchScopes: HKCU - {267BB848-E6E8-46A7-A0B6-8E0123B74611} URL = http://search.condui...PV=SSPV_AB_IE_1
    SearchScopes: HKCU - {3F66891D-B10C-45FD-9D4A-226A6165CEFB} URL = http://search.condui...4215271082&UM=2
    Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
    SearchScopes: HKCU - {3C3DCC02-C1F9-44CC-8A57-3EB6F6FA3376} URL = http://www.mysearchr...q={searchTerms}
    FF HKCU\...\Firefox\Extensions: [{193fe82a-c958-450c-8097-de926f5db967}] - C:\Program Files (x86)\LyricSing\130.xpi
    CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\130.crx [2014-04-11]
    C:\Program Files (x86)\LyricSing
    Task: {E7ABD842-895A-458B-A44F-8EE6CDC5B76F} - System32\Tasks\Updater21804.exe => C:\Users\Lauren\AppData\Local\Updater21804\Updater21804.exe <==== ATTENTION
    C:\Users\Lauren\AppData\Local\Updater21804
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Lauren\AppData\Local\Smartbar\Application\SnapDo.exe startup
    C:\Users\Lauren\AppData\Local\Smartbar
    MSCONFIG\startupreg: ConduitFloatingPlugin_dnmlhhbehhdmajijfenoldcajelckpmn => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3291327\plugins\TBVerifier.dll",RunConduitFloatingPlugin dnmlhhbehhdmajijfenoldcajelckpmn
    C:\Program Files (x86)\Conduit
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    C:\Program Files (x86)\AVG SafeGuard toolbar
    MSCONFIG\startupreg: SearchProtect => C:\Users\Lauren\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Users\Lauren\AppData\Roaming\SearchProtect
    MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    MSCONFIG\startupreg: AdobeUpdate => wscript "C:\Users\Lauren\AppData\Roaming\Adobe32\invis.vbs" "C:\Users\Lauren\AppData\Roaming\Adobe32\bat.exe"
    :\Users\Lauren\AppData\Roaming\Adobe32
    BootExecute: autocheck autochk * bootdeletesdnclean64.exe
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    C:\Program Files (x86)\Spybot - Search & Destroy 2
    Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    C:\Program Files\Enigma Software Group
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    Task: {0F79FDFB-C25B-4800-A74D-5C3FC3CFAEA9} - \DealPlyUpdate No Task File <==== ATTENTION
    Task: {9E21C1EF-2A6E-4F59-B0F4-F161FCBDAA15} - \DealPly No Task File <==== ATTENTION
    Task: {CFB8C104-6C3D-4A16-A42C-535C2B33BC7F} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
    Task: {D32B59BD-1E3A-44EF-980D-4E1F87136440} - \LaunchApp No Task File <==== ATTENTION
    Task: {EE1C3C45-5CCD-42D0-84F7-4C870EC55BE5} - \DTReg No Task File <==== ATTENTION
    c:\users\lauren\downloads\bigfish-games---westward-+-crack.rar
    AlternateDataStreams: C:\ProgramData\Temp:014BC3B4
    AlternateDataStreams: C:\ProgramData\Temp:04ADB7A6
    AlternateDataStreams: C:\ProgramData\Temp:059167AF
    AlternateDataStreams: C:\ProgramData\Temp:05F547A9
    AlternateDataStreams: C:\ProgramData\Temp:063969F8
    AlternateDataStreams: C:\ProgramData\Temp:073139EC
    AlternateDataStreams: C:\ProgramData\Temp:08DB8D99
    AlternateDataStreams: C:\ProgramData\Temp:0C65EA0E
    AlternateDataStreams: C:\ProgramData\Temp:0DFE2AE1
    AlternateDataStreams: C:\ProgramData\Temp:0E5CFA74
    AlternateDataStreams: C:\ProgramData\Temp:0E61938B
    AlternateDataStreams: C:\ProgramData\Temp:1095ECE1
    AlternateDataStreams: C:\ProgramData\Temp:10D45FC3
    AlternateDataStreams: C:\ProgramData\Temp:12A012A1
    AlternateDataStreams: C:\ProgramData\Temp:12EA4DC9
    AlternateDataStreams: C:\ProgramData\Temp:14FA5E46
    AlternateDataStreams: C:\ProgramData\Temp:16F2A6FF
    AlternateDataStreams: C:\ProgramData\Temp:18897B1D
    AlternateDataStreams: C:\ProgramData\Temp:1A4BF204
    AlternateDataStreams: C:\ProgramData\Temp:1ADC4BD5
    AlternateDataStreams: C:\ProgramData\Temp:1B3549F2
    AlternateDataStreams: C:\ProgramData\Temp:1B9E79B3
    AlternateDataStreams: C:\ProgramData\Temp:217A2A36
    AlternateDataStreams: C:\ProgramData\Temp:2216A431
    AlternateDataStreams: C:\ProgramData\Temp:27C3CD07
    AlternateDataStreams: C:\ProgramData\Temp:29C0641D
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:2CED8825
    AlternateDataStreams: C:\ProgramData\Temp:2EB79F01
    AlternateDataStreams: C:\ProgramData\Temp:302ECBD6
    AlternateDataStreams: C:\ProgramData\Temp:30E0D641
    AlternateDataStreams: C:\ProgramData\Temp:330E66BD
    AlternateDataStreams: C:\ProgramData\Temp:33384BC0
    AlternateDataStreams: C:\ProgramData\Temp:35629AE6
    AlternateDataStreams: C:\ProgramData\Temp:36608448
    AlternateDataStreams: C:\ProgramData\Temp:36A39835
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    AlternateDataStreams: C:\ProgramData\Temp:37994DBE
    AlternateDataStreams: C:\ProgramData\Temp:38D2EA83
    AlternateDataStreams: C:\ProgramData\Temp:38E2864F
    AlternateDataStreams: C:\ProgramData\Temp:395F6776
    AlternateDataStreams: C:\ProgramData\Temp:3B07E6F4
    AlternateDataStreams: C:\ProgramData\Temp:3C0887BF
    AlternateDataStreams: C:\ProgramData\Temp:4149A170
    AlternateDataStreams: C:\ProgramData\Temp:436BE28C
    AlternateDataStreams: C:\ProgramData\Temp:43E95997
    AlternateDataStreams: C:\ProgramData\Temp:471AD3D0
    AlternateDataStreams: C:\ProgramData\Temp:49EB0FDC
    AlternateDataStreams: C:\ProgramData\Temp:4A966CC2
    AlternateDataStreams: C:\ProgramData\Temp:4B244549
    AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
    AlternateDataStreams: C:\ProgramData\Temp:4B70A9FA
    AlternateDataStreams: C:\ProgramData\Temp:4C3504B5
    AlternateDataStreams: C:\ProgramData\Temp:4EF94CF3
    AlternateDataStreams: C:\ProgramData\Temp:4F96D8E6
    AlternateDataStreams: C:\ProgramData\Temp:517B507A
    AlternateDataStreams: C:\ProgramData\Temp:517DBC32
    AlternateDataStreams: C:\ProgramData\Temp:52B3B2D1
    AlternateDataStreams: C:\ProgramData\Temp:52E1DB1D
    AlternateDataStreams: C:\ProgramData\Temp:54531C7D
    AlternateDataStreams: C:\ProgramData\Temp:56C66609
    AlternateDataStreams: C:\ProgramData\Temp:56F368C9
    AlternateDataStreams: C:\ProgramData\Temp:57173DB4
    AlternateDataStreams: C:\ProgramData\Temp:57619D72
    AlternateDataStreams: C:\ProgramData\Temp:59846E5E
    AlternateDataStreams: C:\ProgramData\Temp:5A8F8A0C
    AlternateDataStreams: C:\ProgramData\Temp:5AE33054
    AlternateDataStreams: C:\ProgramData\Temp:5C0940F1
    AlternateDataStreams: C:\ProgramData\Temp:5C4A588B
    AlternateDataStreams: C:\ProgramData\Temp:5DB4FD98
    AlternateDataStreams: C:\ProgramData\Temp:5F1019FF
    AlternateDataStreams: C:\ProgramData\Temp:60E0AB2A
    AlternateDataStreams: C:\ProgramData\Temp:6301CE40
    AlternateDataStreams: C:\ProgramData\Temp:639BB5E9
    AlternateDataStreams: C:\ProgramData\Temp:640DDEFF
    AlternateDataStreams: C:\ProgramData\Temp:68FC22BD
    AlternateDataStreams: C:\ProgramData\Temp:69FE2EE4
    AlternateDataStreams: C:\ProgramData\Temp:6CEC50B4
    AlternateDataStreams: C:\ProgramData\Temp:6D5A15BF
    AlternateDataStreams: C:\ProgramData\Temp:6E3C585B
    AlternateDataStreams: C:\ProgramData\Temp:701B92FB
    AlternateDataStreams: C:\ProgramData\Temp:708BB0FA
    AlternateDataStreams: C:\ProgramData\Temp:73B78E79
    AlternateDataStreams: C:\ProgramData\Temp:76466F4C
    AlternateDataStreams: C:\ProgramData\Temp:7920E530
    AlternateDataStreams: C:\ProgramData\Temp:7BB584AA
    AlternateDataStreams: C:\ProgramData\Temp:7D288858
    AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA
    AlternateDataStreams: C:\ProgramData\Temp:7ECD9621
    AlternateDataStreams: C:\ProgramData\Temp:82756AB7
    AlternateDataStreams: C:\ProgramData\Temp:84FA02E7
    AlternateDataStreams: C:\ProgramData\Temp:884C7316
    AlternateDataStreams: C:\ProgramData\Temp:8967C154
    AlternateDataStreams: C:\ProgramData\Temp:896FF808
    AlternateDataStreams: C:\ProgramData\Temp:8AA99C0C
    AlternateDataStreams: C:\ProgramData\Temp:8AC20936
    AlternateDataStreams: C:\ProgramData\Temp:8B3C3098
    AlternateDataStreams: C:\ProgramData\Temp:8B69E3C3
    AlternateDataStreams: C:\ProgramData\Temp:8C81B36D
    AlternateDataStreams: C:\ProgramData\Temp:8DD36B71
    AlternateDataStreams: C:\ProgramData\Temp:902C848D
    AlternateDataStreams: C:\ProgramData\Temp:908A1B53
    AlternateDataStreams: C:\ProgramData\Temp:933D54A9
    AlternateDataStreams: C:\ProgramData\Temp:9547F1DB
    AlternateDataStreams: C:\ProgramData\Temp:957E9765
    AlternateDataStreams: C:\ProgramData\Temp:961B4D58
    AlternateDataStreams: C:\ProgramData\Temp:96646EC1
    AlternateDataStreams: C:\ProgramData\Temp:966CEAE7
    AlternateDataStreams: C:\ProgramData\Temp:97B3B270
    AlternateDataStreams: C:\ProgramData\Temp:9D5BB34A
    AlternateDataStreams: C:\ProgramData\Temp:9E0656EC
    AlternateDataStreams: C:\ProgramData\Temp:A0C7D68A
    AlternateDataStreams: C:\ProgramData\Temp:A1023D41
    AlternateDataStreams: C:\ProgramData\Temp:A17CCD03
    AlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0
    AlternateDataStreams: C:\ProgramData\Temp:A2907225
    AlternateDataStreams: C:\ProgramData\Temp:A2B3764A
    AlternateDataStreams: C:\ProgramData\Temp:A3840F5B
    AlternateDataStreams: C:\ProgramData\Temp:A3E39C6A
    AlternateDataStreams: C:\ProgramData\Temp:A41FEAA2
    AlternateDataStreams: C:\ProgramData\Temp:A5264343
    AlternateDataStreams: C:\ProgramData\Temp:A69FAA24
    AlternateDataStreams: C:\ProgramData\Temp:A7BB14DF
    AlternateDataStreams: C:\ProgramData\Temp:A97FF73C
    AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
    AlternateDataStreams: C:\ProgramData\Temp:AE289451
    AlternateDataStreams: C:\ProgramData\Temp:B093E177
    AlternateDataStreams: C:\ProgramData\Temp:B12D1A7D
    AlternateDataStreams: C:\ProgramData\Temp:B285A50E
    AlternateDataStreams: C:\ProgramData\Temp:B2D32F1D
    AlternateDataStreams: C:\ProgramData\Temp:B3942462
    AlternateDataStreams: C:\ProgramData\Temp:B3D50E25
    AlternateDataStreams: C:\ProgramData\Temp:B722BCE5
    AlternateDataStreams: C:\ProgramData\Temp:B761039D
    AlternateDataStreams: C:\ProgramData\Temp:BA24E689
    AlternateDataStreams: C:\ProgramData\Temp:BAC2F271
    AlternateDataStreams: C:\ProgramData\Temp:BCDC6E07
    AlternateDataStreams: C:\ProgramData\Temp:C0A2E219
    AlternateDataStreams: C:\ProgramData\Temp:C69BA1D0
    AlternateDataStreams: C:\ProgramData\Temp:C82210DD
    AlternateDataStreams: C:\ProgramData\Temp:C86B29EB
    AlternateDataStreams: C:\ProgramData\Temp:CB959782
    AlternateDataStreams: C:\ProgramData\Temp:CC386FD2
    AlternateDataStreams: C:\ProgramData\Temp:CC7382F6
    AlternateDataStreams: C:\ProgramData\Temp:CC7738DB
    AlternateDataStreams: C:\ProgramData\Temp:CE6885F1
    AlternateDataStreams: C:\ProgramData\Temp:D0AB0B4A
    AlternateDataStreams: C:\ProgramData\Temp:D254266B
    AlternateDataStreams: C:\ProgramData\Temp:D8134D8F
    AlternateDataStreams: C:\ProgramData\Temp:D987CB43
    AlternateDataStreams: C:\ProgramData\Temp:D9987109
    AlternateDataStreams: C:\ProgramData\Temp:DA18D4E3
    AlternateDataStreams: C:\ProgramData\Temp:DCA79AB3
    AlternateDataStreams: C:\ProgramData\Temp:DCB27118
    AlternateDataStreams: C:\ProgramData\Temp:DDEB08FD
    AlternateDataStreams: C:\ProgramData\Temp:DF30C7A6
    AlternateDataStreams: C:\ProgramData\Temp:E0848D16
    AlternateDataStreams: C:\ProgramData\Temp:E0AE69BE
    AlternateDataStreams: C:\ProgramData\Temp:E153075C
    AlternateDataStreams: C:\ProgramData\Temp:E6537A16
    AlternateDataStreams: C:\ProgramData\Temp:E9900C74
    AlternateDataStreams: C:\ProgramData\Temp:EA701346
    AlternateDataStreams: C:\ProgramData\Temp:EA7D76BE
    AlternateDataStreams: C:\ProgramData\Temp:EB333CFC
    AlternateDataStreams: C:\ProgramData\Temp:EB5BDBB0
    AlternateDataStreams: C:\ProgramData\Temp:EC0279DC
    AlternateDataStreams: C:\ProgramData\Temp:ED9B661E
    AlternateDataStreams: C:\ProgramData\Temp:EDE28CFC
    AlternateDataStreams: C:\ProgramData\Temp:EE7AAC75
    AlternateDataStreams: C:\ProgramData\Temp:EFECABA9
    AlternateDataStreams: C:\ProgramData\Temp:F2327E82
    AlternateDataStreams: C:\ProgramData\Temp:F422F8F1
    AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE
    AlternateDataStreams: C:\ProgramData\Temp:F67947AF
    AlternateDataStreams: C:\ProgramData\Temp:F67AAFC5
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
U5NwUGc.png Chrome Reset

  • Open Chrome. Click the Settings icon in the top right corner. However over bookmarks and click Bookmark manager.
  • Click Organize, followed by Export bookmarks to HTML file. Follow the prompts to save the file. 
  • Follow these instructions on resetting Chrome: Chrome - Reset browser settings
  • Close Chrome. 
  • Open Chrome. Confirm there are no issues using the browser to access the Internet. 
     

STEP 4
nSymGHK.png Folder Options 

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
     

STEP 5
nWhGEI3.png VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
  • Please do the same for the files below:
    • C:\Windows\SysWOW64\schdiphlp.exe
    • C:\Users\Lauren\AppData\Roaming\10522Hagsclub launcher.exe
       

======================================================
 
STEP 6
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did Torch uninstall successfully?
  • Fixlog.txt
  • Did Chrome reset successfully?
  • VirusTotal results (3 URLs)

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP