Here are the results:
Speccy: Attached
Speedtest:
ADWCleaner:
# AdwCleaner v3.011 - Report created 07/11/2013 at 19:19:12
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Brand - BRAND-PC
# Running from : C:\Users\Brand\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Users\Brand\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Brand\AppData\Roaming\Searchprotect
File Deleted : C:\END
File Deleted : C:\Users\Brand\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default\searchplugins\Conduit.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\YahooPartnerToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v25.0 (en-US)
[ File : C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2248 octets] - [07/11/2013 19:17:53]
AdwCleaner[S0].txt - [2154 octets] - [07/11/2013 19:19:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2214 octets] ##########
Junkware-Removal-Tool:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Brand on 07/11/2013 at 19:23:50.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
~~~ FireFox
Successfully deleted the following from C:\Users\Brand\AppData\Roaming\mozilla\firefox\profiles\nnkpemzh.default\prefs.js
user_pref("gamefox.accounts", "{\"MetaKirbyUltra\":{\"MDAAuth\":{\"content\":\"MTRkZThmMWExMTUyMGI4NzNmNDYxMjMzZDA5YWMxNjk0ZDhhYmM2NTIyNTcxMjY1OTc5OTU5OTk2MDEyODI0NTcyMzQyMDY2
Emptied folder: C:\Users\Brand\AppData\Roaming\mozilla\firefox\profiles\nnkpemzh.default\minidumps [433 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/11/2013 at 19:34:39.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Farbar Recovery Scan Tool:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Brand (administrator) on BRAND-PC on 07-11-2013 20:06:25
Running from C:\Users\Brand\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Brand\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-01] (Google Inc.)
HKCU\...\Run: [uTorrent] - C:\Users\Brand\AppData\Roaming\uTorrent\uTorrent.exe [1130576 2013-09-12] (BitTorrent Inc.)
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
MountPoints2: {edd75b2e-42f3-11e2-9a48-00262d7d5c0b} - E:\MotoCastSetup.exe -a
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...70z165a4471y34n
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...70z165a4471y34n
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} http://www.kccsoft.c...les/awswaxd.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default
FF Homepage: www.gamefaqs.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Brand\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Brand\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Linkification - C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF Extension: oldbar - C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default\Extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
FF Extension: GameFOX - C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default\Extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
FF Extension: DownloadHelper - C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: compatibility - C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default\Extensions\[email protected]
FF Extension: multipletab - C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default\Extensions\[email protected]
FF Extension: personas - C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default\Extensions\[email protected]
FF Extension: Adblock Plus - C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: greasemonkey - C:\Users\Brand\AppData\Roaming\Mozilla\Firefox\Profiles\nnkpemzh.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.gamefaqs.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Brand\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Brand\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Brand\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Brand\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Tampermonkey) - C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.66_0
CHR Extension: (HV Statistics, Tracking, and Analysis Tool (Chrome Edition)) - C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\endmimaaaphhlnajbpnhcoehdplphbff\5.4.0_0
CHR Extension: (AdBlock) - C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0
CHR Extension: (Freemake Video Converter) - C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0
CHR Extension: (cookie.txt export) - C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\lopabhfecdfhgogdbojmaicoicjekelh\1.0_0
CHR Extension: (Google Wallet) - C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Brand\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2013-02-28] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-09-04] (Freemake)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
S3 ANIWZCSdService; C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [x]
==================== Drivers (Whitelisted) ====================
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-20] (Avira Operations GmbH & Co. KG)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1061888 2009-09-15] (Ralink Technology Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-07 20:06 - 2013-11-07 20:06 - 00000000 ____D C:\FRST
2013-11-07 20:05 - 2013-11-07 20:05 - 01957098 _____ (Farbar) C:\Users\Brand\Desktop\FRST64.exe
2013-11-07 19:34 - 2013-11-07 19:34 - 00008217 _____ C:\Users\Brand\Desktop\JRT.txt
2013-11-07 19:23 - 2013-11-07 19:23 - 00000000 ____D C:\Windows\ERUNT
2013-11-07 19:22 - 2013-11-07 19:22 - 01034531 _____ (Thisisu) C:\Users\Brand\Desktop\JRT.exe
2013-11-07 19:21 - 2013-11-07 19:21 - 00002302 _____ C:\Users\Brand\Desktop\AdwCleaner[S0].txt
2013-11-07 19:17 - 2013-11-07 19:19 - 00000000 ____D C:\AdwCleaner
2013-11-07 19:16 - 2013-11-07 19:16 - 01073262 _____ C:\Users\Brand\Desktop\AdwCleaner.exe
2013-11-06 23:10 - 2013-11-06 23:10 - 01281653 _____ C:\Users\Brand\Coupling Constants Part 3.pptx
2013-11-04 03:01 - 2013-11-04 03:01 - 00021750 _____ C:\Users\Brand\AppData\Local\recently-used.xbel
2013-11-03 18:17 - 2013-11-05 07:26 - 00000000 ____D C:\Users\Brand\BIOCFormal
2013-11-03 13:55 - 2013-11-03 17:23 - 00000000 ____D C:\Users\Brand\Taq
2013-11-02 23:38 - 2013-11-02 23:38 - 00000000 ____D C:\Users\Brand\msds
2013-10-31 18:22 - 2013-10-31 18:40 - 00111128 _____ C:\Users\Brand\Desktop\OTL.Txt
2013-10-31 18:05 - 2013-10-31 18:05 - 00602112 _____ (OldTimer Tools) C:\Users\Brand\Desktop\OTL.exe
2013-10-31 16:53 - 2013-10-31 16:53 - 104433978 _____ C:\Windows\SysWOW64\滫X
2013-10-31 13:52 - 2013-10-31 13:52 - 00001029 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-31 13:48 - 2013-10-31 13:48 - 00001110 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-30 02:17 - 2013-10-30 02:17 - 104098187 _____ C:\Windows\SysWOW64\≨跩
2013-10-29 16:50 - 2013-08-19 04:36 - 00108054 _____ C:\Users\Brand\C Falcon 2.wav
2013-10-27 19:57 - 2013-10-27 19:57 - 00003956 _____ C:\Users\Brand\Data1.zip
2013-10-21 19:46 - 2013-10-21 19:46 - 00616847 _____ C:\Users\Brand\Coupling Constants Part 2.pptx
2013-10-21 19:21 - 2013-10-21 20:53 - 00950121 _____ C:\Users\Brand\BIOC 3006 Poster Final %281%29.pptx
2013-10-20 15:31 - 2013-09-12 13:00 - 00127488 _____ C:\Windows\system32\ff_vfw.dll
2013-10-20 15:31 - 2011-12-07 12:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2013-10-20 15:31 - 2011-12-07 12:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2013-10-20 15:31 - 2004-05-18 13:16 - 00039936 _____ (Disappearing Inc.) C:\Windows\SysWOW64\huffyuv.dll
2013-10-20 15:30 - 2013-09-12 13:00 - 00112640 _____ C:\Windows\SysWOW64\ff_vfw.dll
2013-10-20 15:30 - 2013-08-22 12:09 - 00256088 _____ C:\Windows\system32\unrar64.dll
2013-10-20 15:30 - 2013-03-17 12:22 - 03554304 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2013-10-20 15:30 - 2013-03-17 11:21 - 03649536 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2013-10-20 15:30 - 2012-07-21 05:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2013-10-20 15:30 - 2012-07-21 05:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2013-10-20 15:19 - 2013-10-21 03:18 - 00000000 ____D C:\Users\Brand\Poster
2013-10-19 11:17 - 2013-10-19 11:17 - 01763423 _____ C:\Users\Brand\Poster Making.pptx
2013-10-18 09:28 - 2013-10-18 09:28 - 00000000 ____D C:\ProgramData\Oracle
2013-10-18 09:28 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-18 09:27 - 2013-10-18 09:27 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-18 09:27 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-18 09:27 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-18 09:27 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-17 06:37 - 2013-10-17 06:37 - 01244374 _____ C:\Users\Brand\Problem Solving Coupling Constant Handout.pptx
2013-10-15 06:20 - 2013-10-15 06:20 - 01629453 _____ C:\Users\Brand\13C NMR Handout Part 2.pptx
2013-10-15 01:39 - 2013-10-15 01:39 - 00048128 _____ C:\Users\Brand\Copy of endocytosis lab data 2013.xls
2013-10-13 12:35 - 2013-10-13 12:35 - 00032256 _____ C:\Users\Brand\tues lab final.xls
2013-10-09 06:44 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 06:44 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 06:44 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 06:44 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 06:44 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 06:44 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 06:44 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 06:44 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 06:44 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 06:44 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 06:44 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 06:44 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 06:44 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 06:44 - 2013-09-22 17:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 06:44 - 2013-09-22 17:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 06:44 - 2013-09-22 17:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 06:44 - 2013-09-22 17:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 06:44 - 2013-09-22 17:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 06:44 - 2013-09-22 17:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 06:44 - 2013-09-22 17:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 06:44 - 2013-09-22 17:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 06:44 - 2013-09-22 17:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 06:44 - 2013-09-22 17:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 06:44 - 2013-09-22 17:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 06:44 - 2013-09-22 17:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 06:44 - 2013-09-22 17:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 06:44 - 2013-09-22 17:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 06:44 - 2013-09-20 22:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 06:44 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 06:44 - 2013-09-20 21:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 06:44 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-08 20:22 - 2013-09-13 20:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-08 20:22 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-08 20:22 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-08 20:22 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-08 20:22 - 2013-09-04 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-08 20:22 - 2013-09-04 07:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-08 20:22 - 2013-08-28 21:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-08 20:22 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-08 20:22 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-08 20:22 - 2013-08-28 21:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-08 20:22 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-08 20:22 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-08 20:22 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-08 20:22 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-08 20:22 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-08 20:22 - 2013-08-28 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-08 20:22 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-08 20:22 - 2013-08-28 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-08 20:22 - 2013-08-28 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-08 20:22 - 2013-08-28 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-08 20:22 - 2013-08-28 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-08 20:22 - 2013-08-27 20:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-08 20:22 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-08 20:22 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-08 20:22 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 20:22 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 20:22 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-08 20:22 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-08 20:22 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-08 20:22 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-08 20:22 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-08 20:22 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-08 20:22 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-08 20:22 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-08 20:22 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-08 20:22 - 2013-07-02 23:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-08 20:22 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-08 20:22 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-08 20:22 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-08 20:22 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-08 20:22 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-08 20:22 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-08 20:22 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-08 20:22 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-08 20:22 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-08 20:22 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-08 20:22 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-08 20:22 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-08 20:22 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 20:21 - 2013-09-04 07:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-08 20:21 - 2013-09-04 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-08 20:21 - 2013-09-04 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-08 20:21 - 2013-09-04 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-08 20:21 - 2013-09-04 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
==================== One Month Modified Files and Folders =======
2013-11-07 20:06 - 2013-11-07 20:06 - 00000000 ____D C:\FRST
2013-11-07 20:06 - 2013-02-09 12:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-07 20:05 - 2013-11-07 20:05 - 01957098 _____ (Farbar) C:\Users\Brand\Desktop\FRST64.exe
2013-11-07 19:34 - 2013-11-07 19:34 - 00008217 _____ C:\Users\Brand\Desktop\JRT.txt
2013-11-07 19:32 - 2011-09-01 19:28 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3071175079-51441937-669332423-1000UA.job
2013-11-07 19:28 - 2009-07-13 23:45 - 00017600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-07 19:28 - 2009-07-13 23:45 - 00017600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-07 19:24 - 2010-01-13 12:37 - 01449960 _____ C:\Windows\WindowsUpdate.log
2013-11-07 19:23 - 2013-11-07 19:23 - 00000000 ____D C:\Windows\ERUNT
2013-11-07 19:23 - 2010-02-21 16:39 - 00000000 ____D C:\Users\Brand\AppData\Roaming\uTorrent
2013-11-07 19:22 - 2013-11-07 19:22 - 01034531 _____ (Thisisu) C:\Users\Brand\Desktop\JRT.exe
2013-11-07 19:21 - 2013-11-07 19:21 - 00002302 _____ C:\Users\Brand\Desktop\AdwCleaner[S0].txt
2013-11-07 19:21 - 2013-01-21 17:10 - 00000000 ____D C:\Users\Brand\AppData\Local\CrashDumps
2013-11-07 19:20 - 2013-08-08 21:21 - 00012935 _____ C:\Windows\setupact.log
2013-11-07 19:20 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-07 19:19 - 2013-11-07 19:17 - 00000000 ____D C:\AdwCleaner
2013-11-07 19:19 - 2009-07-14 00:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-07 19:16 - 2013-11-07 19:16 - 01073262 _____ C:\Users\Brand\Desktop\AdwCleaner.exe
2013-11-07 17:52 - 2013-08-23 02:51 - 00000000 ____D C:\Users\Brand\Post-Archive
2013-11-07 17:43 - 2013-08-26 22:42 - 00000864 _____ C:\Users\Brand\temp.txt
2013-11-07 13:26 - 2013-08-19 18:13 - 00000000 ____D C:\Users\Brand\dwhelper
2013-11-07 08:06 - 2010-02-21 14:36 - 00000000 ____D C:\Users\Brand
2013-11-07 07:32 - 2011-09-01 19:28 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3071175079-51441937-669332423-1000Core.job
2013-11-07 01:46 - 2010-02-22 19:21 - 00000000 ____D C:\Users\Brand\AppData\Roaming\vlc
2013-11-07 00:02 - 2010-09-29 19:53 - 04525056 ___SH C:\Users\Brand\Thumbs.db
2013-11-06 23:10 - 2013-11-06 23:10 - 01281653 _____ C:\Users\Brand\Coupling Constants Part 3.pptx
2013-11-05 07:26 - 2013-11-03 18:17 - 00000000 ____D C:\Users\Brand\BIOCFormal
2013-11-05 07:26 - 2013-08-01 08:50 - 00000000 ____D C:\Users\Brand\Ipad Backup
2013-11-04 07:03 - 2013-09-04 15:18 - 00000000 ____D C:\Users\Brand\.gimp-2.8
2013-11-04 03:01 - 2013-11-04 03:01 - 00021750 _____ C:\Users\Brand\AppData\Local\recently-used.xbel
2013-11-04 03:01 - 2013-09-04 16:01 - 00000000 ____D C:\Users\Brand\AppData\Local\gtk-2.0
2013-11-03 17:23 - 2013-11-03 13:55 - 00000000 ____D C:\Users\Brand\Taq
2013-11-03 12:19 - 2013-08-23 02:06 - 00000000 ____D C:\Users\Brand\Documents\Torrents
2013-11-02 23:38 - 2013-11-02 23:38 - 00000000 ____D C:\Users\Brand\msds
2013-10-31 18:40 - 2013-10-31 18:22 - 00111128 _____ C:\Users\Brand\Desktop\OTL.Txt
2013-10-31 18:34 - 2010-02-21 16:40 - 00000000 ____D C:\Users\Brand\AppData\Local\Mozilla
2013-10-31 18:05 - 2013-10-31 18:05 - 00602112 _____ (OldTimer Tools) C:\Users\Brand\Desktop\OTL.exe
2013-10-31 17:33 - 2012-05-02 02:34 - 00005120 ___SH C:\Users\Brand\AppData\Thumbs.db
2013-10-31 17:23 - 2013-01-22 08:38 - 00000000 ____D C:\Users\Brand\Documents\Camtasia Studio
2013-10-31 17:06 - 2013-08-20 14:26 - 00006130 _____ C:\Windows\PFRO.log
2013-10-31 16:53 - 2013-10-31 16:53 - 104433978 _____ C:\Windows\SysWOW64\滫X
2013-10-31 13:52 - 2013-10-31 13:52 - 00001029 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-31 13:48 - 2013-10-31 13:48 - 00001110 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-31 13:48 - 2013-08-07 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-31 13:48 - 2012-05-07 13:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-30 02:17 - 2013-10-30 02:17 - 104098187 _____ C:\Windows\SysWOW64\≨跩
2013-10-29 18:25 - 2010-05-12 21:38 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-28 21:29 - 2013-01-22 01:51 - 00004608 _____ C:\Users\Brand\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-27 22:50 - 2013-09-12 21:24 - 00000000 ____D C:\Users\Brand\2013
2013-10-27 19:57 - 2013-10-27 19:57 - 00003956 _____ C:\Users\Brand\Data1.zip
2013-10-21 20:53 - 2013-10-21 19:21 - 00950121 _____ C:\Users\Brand\BIOC 3006 Poster Final %281%29.pptx
2013-10-21 19:46 - 2013-10-21 19:46 - 00616847 _____ C:\Users\Brand\Coupling Constants Part 2.pptx
2013-10-21 03:18 - 2013-10-20 15:19 - 00000000 ____D C:\Users\Brand\Poster
2013-10-20 15:30 - 2010-02-22 19:24 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2013-10-20 12:52 - 2010-02-22 21:41 - 00000000 ____D C:\Users\Brand\Documents\Stuff
2013-10-19 11:17 - 2013-10-19 11:17 - 01763423 _____ C:\Users\Brand\Poster Making.pptx
2013-10-18 09:28 - 2013-10-18 09:28 - 00000000 ____D C:\ProgramData\Oracle
2013-10-18 09:27 - 2013-10-18 09:27 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-18 09:27 - 2010-05-13 00:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 06:37 - 2013-10-17 06:37 - 01244374 _____ C:\Users\Brand\Problem Solving Coupling Constant Handout.pptx
2013-10-15 20:01 - 2011-09-01 19:30 - 00002368 _____ C:\Users\Brand\Desktop\Google Chrome.lnk
2013-10-15 06:20 - 2013-10-15 06:20 - 01629453 _____ C:\Users\Brand\13C NMR Handout Part 2.pptx
2013-10-15 01:39 - 2013-10-15 01:39 - 00048128 _____ C:\Users\Brand\Copy of endocytosis lab data 2013.xls
2013-10-13 23:58 - 2011-11-03 20:26 - 00000000 ____D C:\Users\Brand\University
2013-10-13 12:35 - 2013-10-13 12:35 - 00032256 _____ C:\Users\Brand\tues lab final.xls
2013-10-11 21:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 19:04 - 2009-07-13 23:45 - 00346456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 19:03 - 2013-03-14 07:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 19:03 - 2013-03-14 07:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 06:47 - 2009-11-06 15:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 06:40 - 2010-08-14 20:56 - 00765178 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 06:35 - 2013-08-14 02:02 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 06:33 - 2010-02-21 16:09 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 06:27 - 2011-09-01 19:28 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3071175079-51441937-669332423-1000UA
2013-10-09 06:27 - 2011-09-01 19:28 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3071175079-51441937-669332423-1000Core
2013-10-08 20:06 - 2013-02-09 12:25 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 20:06 - 2012-04-03 07:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 20:06 - 2011-05-16 09:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 06:50 - 2013-10-18 09:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 06:46 - 2013-10-18 09:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 06:46 - 2013-10-18 09:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 06:46 - 2013-10-18 09:27 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-08 06:32 - 2013-10-06 14:25 - 00000000 ____D C:\Users\Brand\a
Some content of TEMP:
====================
C:\Users\Brand\AppData\Local\Temp\FreemakeVideoConverter_4.0.4.1.exe
C:\Users\Brand\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Brand\AppData\Local\Temp\oi_{6BB88B81-7DFD-4BAB-BCF6-7A32E3D11BA1}.exe
C:\Users\Brand\AppData\Local\Temp\Quarantine.exe
C:\Users\Brand\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Brand\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Brand\AppData\Local\Temp\uttD46F.tmp.exe
C:\Users\Brand\AppData\Local\Temp\vlc-2.0.8-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-31 01:22
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Brand at 2013-11-07 20:07:51
Running from C:\Users\Brand\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (x32)
µTorrent (HKCU Version: 3.3.2.30180)
4500_Help (x32 Version: 1.00.0000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005)
ALPS Touch Pad Driver (Version: 7.105.2015.1105)
Amnesia: The Dark Descent (x32)
Any Video Converter 3.1.7 (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.754.0)
Auslogics Disk Defrag (x32 Version: 3.6)
Avidemux 2.5 (x32 Version: 2.5.4.6714)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Awesome Duplicate Photo Finder v. 1.1 (x32)
Backup Manager Basic (x32 Version: 2.0.0.29)
Bastion (x32)
Bonjour (Version: 3.0.0.10)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 50.0.165.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
Braid (x32)
Broadcom Gigabit NetLink Controller (Version: 12.33.03)
BufferChm (x32 Version: 130.0.331.000)
Bully: Scholarship Edition (x32)
Camtasia Studio 8 (x32 Version: 8.0.4.1060)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Full New (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Light (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center InstallProxy (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Localization All (x32 Version: 2009.1209.2335.42329)
Cave Story+ (x32)
CCC Help Chinese Standard (x32 Version: 2009.1209.2334.42329)
CCC Help Chinese Traditional (x32 Version: 2009.1209.2334.42329)
CCC Help Czech (x32 Version: 2009.1209.2334.42329)
CCC Help Danish (x32 Version: 2009.1209.2334.42329)
CCC Help Dutch (x32 Version: 2009.1209.2334.42329)
CCC Help English (x32 Version: 2009.1209.2334.42329)
CCC Help Finnish (x32 Version: 2009.1209.2334.42329)
CCC Help French (x32 Version: 2009.1209.2334.42329)
CCC Help German (x32 Version: 2009.1209.2334.42329)
CCC Help Greek (x32 Version: 2009.1209.2334.42329)
CCC Help Hungarian (x32 Version: 2009.1209.2334.42329)
CCC Help Italian (x32 Version: 2009.1209.2334.42329)
CCC Help Japanese (x32 Version: 2009.1209.2334.42329)
CCC Help Korean (x32 Version: 2009.1209.2334.42329)
CCC Help Norwegian (x32 Version: 2009.1209.2334.42329)
CCC Help Polish (x32 Version: 2009.1209.2334.42329)
CCC Help Portuguese (x32 Version: 2009.1209.2334.42329)
CCC Help Russian (x32 Version: 2009.1209.2334.42329)
CCC Help Spanish (x32 Version: 2009.1209.2334.42329)
CCC Help Swedish (x32 Version: 2009.1209.2334.42329)
CCC Help Thai (x32 Version: 2009.1209.2334.42329)
CCC Help Turkish (x32 Version: 2009.1209.2334.42329)
ccc-core-static (x32 Version: 2009.1209.2335.42329)
ccc-utility64 (Version: 2009.1209.2335.42329)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CyberLink Power2Go (x32 Version: 6.0.3108)
CyberLink PowerDVD 8 (x32 Version: 8.0.3520.50)
D3DX10 (x32 Version: 15.4.2368.0902)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 130.0.465.000)
DocMgr (x32 Version: 130.0.000.000)
DocProc (x32 Version: 13.0.0.0)
Far Cry 2 (x32)
Fax (x32 Version: 130.0.418.000)
Freemake Video Converter version 4.0.4 (x32 Version: 4.0.4)
FTL: Faster Than Light (x32)
Gateway InfoCentre (x32 Version: 3.02.3000)
Gateway MyBackup (x32 Version: 2.0.0.29)
Gateway Power Management (x32 Version: 4.05.3004)
Gateway Recovery Management (x32 Version: 4.05.3005)
Gateway Registration (x32 Version: 1.02.3006)
Gateway Updater (x32 Version: 1.01.3017)
GIMP 2.8.6 (Version: 2.8.6)
Google Chrome (HKCU Version: 30.0.1599.101)
GPBaseService2 (x32 Version: 130.0.371.000)
Half-Life 2 (x32)
Half-Life 2: Episode One (x32)
Half-Life 2: Episode Two (x32)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.55)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
Identity Card (x32 Version: 1.00.3002)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Matrix Storage Manager
iTunes (Version: 11.0.4.4)
J4500 (x32 Version: 50.0.165.000)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java 6 Update 37 (x32 Version: 6.0.370)
K-Lite Mega Codec Pack 10.0.5 (x32 Version: 10.0.5)
Launch Manager (x32 Version: 3.0.05)
MarketResearch (x32 Version: 130.0.374.000)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP1 English (x32 Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 x64 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Motorola Device Manager (x32 Version: 2.2.35)
Motorola Device Software Update (x32 Version: 1.0.41)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0)
Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NVIDIA PhysX (x32 Version: 9.09.0203)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Officejet J4500 Series (Version: 13.0)
PDF-XChange Viewer (Version: 2.5.205.0)
Portal (x32)
Portal 2 (x32)
ProductContext (x32 Version: 50.0.165.000)
Psychonauts (x32)
Python 2.7.1 (x32 Version: 2.7.1150)
Realspeak American English (x32 Version: 2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969)
Revo Uninstaller Pro 2.1.5 (Version: 2.1.5)
Scan (x32 Version: 140.0.80.000)
Sine Mora (x32)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
Status (x32 Version: 130.0.469.000)
Steam (x32 Version: 1.0.0.0)
Super Hexagon (x32)
Super Meat Boy (x32)
SUPERAntiSpyware (Version: 5.0.1108)
System Requirements Lab CYRI (x32 Version: 6.0.3.0)
System Shock 2 (x32)
The Binding of Isaac (x32)
The Witcher: Enhanced Edition (x32)
Thomas Was Alone (x32)
To the Moon (x32)
Toolbox (x32 Version: 130.0.648.000)
Torchlight II (x32)
TrayApp (x32 Version: 130.0.422.000)
Trine (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Video Web Camera (x32 Version: 1.7.82.1203)
VisiPics V1.31 (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.1.0 (x32 Version: 2.1.0)
VVVVVV (x32)
WebReg (x32 Version: 130.0.132.017)
Welcome Center (x32 Version: 1.00.3009)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR archiver
==================== Restore Points =========================
31-10-2013 22:52:54 Test
08-11-2013 01:00:49 Scheduled Checkpoint
==================== Hosts content: ==========================
2013-01-19 15:37 - 2013-02-01 15:33 - 00000178 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activation.cloud.techsmith.com
==================== Scheduled Tasks (whitelisted) =============
Task: {0AEB8665-710A-4E17-BEE8-5299AF29F01A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: {7D90C740-EF60-449A-8E6F-85DB960F9737} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: {8A26E124-45BD-4224-9C85-80171F55880D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {ADF8E283-1FB9-4050-8980-33C1A96935AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3071175079-51441937-669332423-1000Core => C:\Users\Brand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-01] (Google Inc.)
Task: {CB5BCD66-C239-4F05-84B9-4910BCED8736} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3071175079-51441937-669332423-1000UA => C:\Users\Brand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-01] (Google Inc.)
Task: {D511D09D-89C9-4259-BD2C-289FC2E3FE92} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3071175079-51441937-669332423-1000Core.job => C:\Users\Brand\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3071175079-51441937-669332423-1000UA.job => C:\Users\Brand\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-02-22 19:21 - 2010-02-10 18:10 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-20 14:41 - 2013-08-20 14:39 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-26 16:57 - 2012-09-26 16:57 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2009-02-02 20:33 - 2009-02-02 20:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 20:55 - 2008-09-28 20:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2013-10-31 13:48 - 2013-10-25 20:53 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (11/03/2013 10:51:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 13703 seconds with 3180 seconds of active time. This session ended with a crash.
Error: (12/19/2011 04:05:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (05/06/2011 11:09:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/10/2011 04:56:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/02/2011 07:03:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (08/06/2010 02:36:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.
Error: (08/06/2010 02:12:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2013-07-02 02:04:13.640
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Gateway\Gateway Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-02 02:04:13.440
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Gateway\Gateway Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-04-16 22:14:27.265
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Gateway\Gateway Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-04-16 22:14:27.095
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Gateway\Gateway Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-02-09 09:31:41.425
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Gateway\Gateway Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-02-09 09:31:41.361
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Gateway\Gateway Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
Date: 2011-11-28 00:57:48.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Gateway\Gateway Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
Date: 2011-11-28 00:57:48.677
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Gateway\Gateway Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
Date: 2011-04-06 20:48:56.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Gateway\Gateway Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
Date: 2011-04-06 20:48:56.713
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Gateway\Gateway Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 40%
Total physical RAM: 3956.5 MB
Available physical RAM: 2354.83 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 5979.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:584.35 GB) (Free:320.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 72F172F1)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
==================== End Of Log ============================
OTL:OTL logfile created on: 11/7/2013 8:10:01 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brand\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
3.86 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.76% Memory free
7.73 Gb Paging File | 5.86 Gb Available in Paging File | 75.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.35 Gb Total Space | 320.64 Gb Free Space | 54.87% Space Free | Partition Type: NTFS
Computer Name: BRAND-PC | User Name: Brand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/31 18:05:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brand\Desktop\OTL.exe
PRC - [2013/10/25 20:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/04 15:25:18 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/09/04 08:13:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/09/04 08:13:10 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/09/04 08:13:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/02 13:45:22 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/02 13:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/25 20:53:40 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/02 13:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
========== Services (SafeList) ==========
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/28 21:00:28 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/10 04:15:06 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/10/25 20:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 21:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/08 20:06:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/04 15:25:18 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/09/04 08:13:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/09/04 08:13:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/02 13:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:15:04 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/04 08:13:23 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/09/04 08:13:23 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/08/20 14:39:53 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/11 11:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/06/08 16:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/06/08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/06/08 16:08:28 | 000,031,232 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2011/11/08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/12/30 10:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/10 06:40:30 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/15 18:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/08/24 09:23:18 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009/08/06 07:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/22 17:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 21:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 16:15:04 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/06/10 16:15:04 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/24 22:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/12/13 17:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...70z165a4471y34n
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...70z165a4471y34n
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.gamefaqs.com"
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: %7B46868735-c3fa-47ce-8ce7-cce51a66aceb%7D:1.2
FF - prefs.js..extensions.enabledAddons: multipletab%40piro.sakura.ne.jp:0.7.2013100801
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.2011020301
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brand\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brand\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/13 16:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/09/04 15:30:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/20 15:19:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/20 15:19:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/13 16:51:11 | 000,000,000 | ---D | M]
[2010/02/21 16:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brand\AppData\Roaming\mozilla\Extensions
[2013/11/01 17:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brand\AppData\Roaming\mozilla\Firefox\Profiles\nnkpemzh.default\extensions
[2010/08/27 02:10:54 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Brand\AppData\Roaming\mozilla\Firefox\Profiles\nnkpemzh.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/02/22 18:56:02 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\Brand\AppData\Roaming\mozilla\Firefox\Profiles\nnkpemzh.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2013/05/15 12:12:28 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Brand\AppData\Roaming\mozilla\Firefox\Profiles\nnkpemzh.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2013/11/01 17:50:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Brand\AppData\Roaming\mozilla\Firefox\Profiles\nnkpemzh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/03 10:15:50 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\Brand\AppData\Roaming\mozilla\firefox\profiles\nnkpemzh.default\extensions\[email protected]
[2013/11/01 17:50:16 | 000,443,550 | ---- | M] () (No name found) -- C:\Users\Brand\AppData\Roaming\mozilla\firefox\profiles\nnkpemzh.default\extensions\[email protected]
[2013/11/01 17:50:16 | 000,348,260 | ---- | M] () (No name found) -- C:\Users\Brand\AppData\Roaming\mozilla\firefox\profiles\nnkpemzh.default\extensions\[email protected]
[2013/10/31 23:32:05 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Brand\AppData\Roaming\mozilla\firefox\profiles\nnkpemzh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/01 17:50:16 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Brand\AppData\Roaming\mozilla\firefox\profiles\nnkpemzh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/10/31 13:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/07 13:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/08/07 13:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/08/07 13:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/08/07 13:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/31 13:48:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/08/14 16:29:36 | 000,164,352 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brand\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Brand\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brand\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Java Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Brand\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Google Search = C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.66_0\
CHR - Extension: HV Statistics, Tracking, and Analysis Tool (Chrome Edition) = C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\endmimaaaphhlnajbpnhcoehdplphbff\5.4.0_0\
CHR - Extension: AdBlock = C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: Freemake Video Converter = C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: cookie.txt export = C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\lopabhfecdfhgogdbojmaicoicjekelh\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Brand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/02/01 15:33:21 | 000,000,178 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [uTorrent] C:\Users\Brand\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kccsoft.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: kccsoft.com ([www] https in Trusted sites)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://www.kccsoft.c...les/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73746A43-734B-4274-9307-25681CB3A598}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A460169D-3A99-4A40-9AAF-F3A63C15BC40}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{edd75b2e-42f3-11e2-9a48-00262d7d5c0b}\Shell - "" = AutoRun
O33 - MountPoints2\{edd75b2e-42f3-11e2-9a48-00262d7d5c0b}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Camera Assistant Software - hkey= - key= - C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: MotoCast - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PLFSetI - hkey= - key= - C:\Windows\PLFSetI.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
MsConfig:64bit - StartUpReg: Unattend0000000001{A8125975-BD0D-4F01-8D64-0910B5C74BEE} - hkey= - key= - C:\Windows\SysNative\OEM\ConfigAp.cmd ()
MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
Drivers32:64bit: msacm.ac3acm - ac3acm.acm (fccHandler)
Drivers32:64bit: msacm.l3acm - l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32:64bit: vidc.tsc2 - C:\Windows\SysWOW64\tsc2_codec64.dll (TechSmith Corporation)
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32:64bit: VIDC.X264 - x264vfw64.dll (x264vfw project)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\Windows\SysWow64\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: vidc.tsc2 - C:\Windows\SysWOW64\tsc2_codec32.dll (TechSmith Corporation)
Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll (x264vfw project)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/11/07 20:06:10 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/07 20:05:15 | 001,957,098 | ---- | C] (Farbar) -- C:\Users\Brand\Desktop\FRST64.exe
[2013/11/07 19:23:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/07 19:22:54 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Brand\Desktop\JRT.exe
[2013/11/07 19:17:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/03 18:17:24 | 000,000,000 | ---D | C] -- C:\Users\Brand\BIOCFormal
[2013/11/03 13:55:08 | 000,000,000 | ---D | C] -- C:\Users\Brand\Taq
[2013/11/02 23:38:17 | 000,000,000 | ---D | C] -- C:\Users\Brand\msds
[2013/10/31 18:05:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brand\Desktop\OTL.exe
[2013/10/31 13:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/10/20 15:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/10/20 15:31:00 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\SysWow64\huffyuv.dll
[2013/10/20 15:30:59 | 003,649,536 | ---- | C] (x264vfw project) -- C:\Windows\SysWow64\x264vfw.dll
[2013/10/20 15:30:59 | 003,554,304 | ---- | C] (x264vfw project) -- C:\Windows\SysNative\x264vfw64.dll
[2013/10/20 15:30:58 | 000,180,736 | ---- | C] (fccHandler) -- C:\Windows\SysNative\ac3acm.acm
[2013/10/20 15:30:58 | 000,122,880 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2013/10/20 15:19:50 | 000,000,000 | ---D | C] -- C:\Users\Brand\Poster
[2013/10/18 09:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/18 09:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/18 09:28:11 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/18 09:27:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/18 09:27:56 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/18 09:27:56 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/18 09:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/09 06:44:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/09 06:44:26 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/09 06:44:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/09 06:44:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/09 06:44:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/09 06:44:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/09 06:44:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/09 06:44:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/09 06:44:24 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/09 06:44:24 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/09 06:44:24 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/09 06:44:21 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/09 06:44:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/09 06:44:21 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/09 06:44:19 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/08 20:22:38 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/08 20:22:36 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/08 20:22:36 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/08 20:22:36 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/08 20:22:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/08 20:22:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/08 20:22:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/08 20:22:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/08 20:22:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/08 20:22:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/08 20:22:27 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/08 20:22:26 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/08 20:22:20 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/08 20:22:19 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/08 20:22:18 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/08 20:22:18 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/08 20:22:17 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/08 20:22:17 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/08 20:22:17 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/08 20:22:15 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/08 20:22:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/08 20:22:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/08 20:22:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/08 20:22:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/08 20:22:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/08 20:22:03 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 20:22:03 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 20:22:01 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/08 20:21:59 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/08 20:21:59 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2 C:\Users\Brand\Documents\*.tmp files -> C:\Users\Brand\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/07 20:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/07 20:05:15 | 001,957,098 | ---- | M] (Farbar) -- C:\Users\Brand\Desktop\FRST64.exe
[2013/11/07 19:32:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3071175079-51441937-669332423-1000UA.job
[2013/11/07 19:28:43 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 19:28:43 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 19:22:55 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Brand\Desktop\JRT.exe
[2013/11/07 19:20:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/07 19:20:06 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/07 19:19:22 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/07 19:19:22 | 000,664,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/07 19:19:22 | 000,125,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/07 19:16:28 | 001,073,262 | ---- | M] () -- C:\Users\Brand\Desktop\AdwCleaner.exe
[2013/11/07 07:32:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3071175079-51441937-669332423-1000Core.job
[2013/11/06 07:31:17 | 001,098,460 | ---- | M] () -- C:\Users\Brand\Lecture 13-ETC oxidative phosphorylation- Slides.pdf
[2013/11/04 23:27:11 | 000,559,742 | ---- | M] () -- C:\Users\Brand\_Updated_ Sample Midterm #2.pdf
[2013/11/04 07:23:36 | 001,093,224 | ---- | M] () -- C:\Users\Brand\Lecture 12- Krebs cycle-Slides.pdf
[2013/11/04 03:01:50 | 000,021,750 | ---- | M] () -- C:\Users\Brand\AppData\Local\recently-used.xbel
[2013/10/31 18:05:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brand\Desktop\OTL.exe
[2013/10/31 13:52:16 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/10/31 13:48:39 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/30 22:43:15 | 003,858,341 | ---- | M] () -- C:\Users\Brand\Assignment 4 Solutions.pdf
[2013/10/30 21:21:54 | 001,093,480 | ---- | M] () -- C:\Users\Brand\J. Biol. Chem.-1958-Rhodes-399-408.pdf
[2013/10/28 21:29:45 | 000,004,608 | ---- | M] () -- C:\Users\Brand\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/28 21:05:53 | 000,013,469 | ---- | M] () -- C:\Users\Brand\Attachment-1a.png
[2013/10/28 20:51:05 | 000,251,420 | ---- | M] () -- C:\Users\Brand\Graham+Trong.png
[2013/10/28 15:15:05 | 000,229,350 | ---- | M] () -- C:\Users\Brand\Brandon + Danielle.png
[2013/10/27 19:57:37 | 000,025,952 | ---- | M] () -- C:\Users\Brand\Danielle.png
[2013/10/27 19:57:27 | 000,003,956 | ---- | M] () -- C:\Users\Brand\Data1.zip
[2013/10/25 14:20:18 | 000,285,003 | ---- | M] () -- C:\Users\Brand\ZmURUqH.jpg
[2013/10/25 07:55:05 | 000,026,404 | ---- | M] () -- C:\Users\Brand\5da.jpg
[2013/10/22 06:27:51 | 003,500,594 | ---- | M] () -- C:\Users\Brand\Omega.pdf
[2013/10/21 03:17:08 | 000,779,880 | ---- | M] () -- C:\Users\Brand\PosterCellBioFix.pdf
[2013/10/21 00:12:13 | 000,834,129 | ---- | M] () -- C:\Users\Brand\JEbGDNx.gif
[2013/10/20 21:58:17 | 000,168,843 | ---- | M] () -- C:\Users\Brand\PageImage-512686-4777586-spiderman_neat.gif
[2013/10/19 20:02:53 | 001,011,533 | ---- | M] () -- C:\Users\Brand\JmjvP5n.gif
[2013/10/19 14:38:54 | 008,388,608 | ---- | M] () -- C:\Users\Brand\BTN_A_000113943_O_185758a.pdf
[2013/10/19 11:16:29 | 000,627,346 | ---- | M] () -- C:\Users\Brand\nature09357.pdf
[2013/10/19 11:10:33 | 000,025,952 | ---- | M] () -- C:\Users\Brand\Attachment-1.png
[2013/10/18 20:17:49 | 000,378,714 | ---- | M] () -- C:\Users\Brand\Assignment 4.pdf
[2013/10/15 20:01:10 | 000,002,368 | ---- | M] () -- C:\Users\Brand\Desktop\Google Chrome.lnk
[2013/10/14 18:11:39 | 000,022,102 | ---- | M] () -- C:\Users\Brand\999_advice_meme_by_chuchubucket-d3yzaoq.jpg
[2013/10/14 16:19:54 | 000,108,493 | ---- | M] () -- C:\Users\Brand\1382974_10202221264234295_22278252_n.jpg
[2013/10/14 09:58:31 | 000,101,661 | ---- | M] () -- C:\Users\Brand\Midterm 1 Review.pdf
[2013/10/13 12:31:09 | 004,980,180 | ---- | M] () -- C:\Users\Brand\P1010178.JPG
[2013/10/13 12:30:56 | 004,754,755 | ---- | M] () -- C:\Users\Brand\P1010177.JPG
[2013/10/11 19:04:00 | 000,346,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 06:40:51 | 000,765,178 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2 C:\Users\Brand\Documents\*.tmp files -> C:\Users\Brand\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/07 19:16:27 | 001,073,262 | ---- | C] () -- C:\Users\Brand\Desktop\AdwCleaner.exe
[2013/11/06 07:31:16 | 001,098,460 | ---- | C] () -- C:\Users\Brand\Lecture 13-ETC oxidative phosphorylation- Slides.pdf
[2013/11/04 23:27:10 | 000,559,742 | ---- | C] () -- C:\Users\Brand\_Updated_ Sample Midterm #2.pdf
[2013/11/04 07:23:36 | 001,093,224 | ---- | C] () -- C:\Users\Brand\Lecture 12- Krebs cycle-Slides.pdf
[2013/11/04 03:01:50 | 000,021,750 | ---- | C] () -- C:\Users\Brand\AppData\Local\recently-used.xbel
[2013/10/31 13:52:16 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/10/31 13:48:39 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/10/31 13:48:39 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/30 22:43:14 | 003,858,341 | ---- | C] () -- C:\Users\Brand\Assignment 4 Solutions.pdf
[2013/10/30 21:21:53 | 001,093,480 | ---- | C] () -- C:\Users\Brand\J. Biol. Chem.-1958-Rhodes-399-408.pdf
[2013/10/29 16:50:15 | 000,108,054 | ---- | C] () -- C:\Users\Brand\C Falcon 2.wav
[2013/10/28 21:05:53 | 000,013,469 | ---- | C] () -- C:\Users\Brand\Attachment-1a.png
[2013/10/28 20:51:04 | 000,251,420 | ---- | C] () -- C:\Users\Brand\Graham+Trong.png
[2013/10/28 15:15:04 | 000,229,350 | ---- | C] () -- C:\Users\Brand\Brandon + Danielle.png
[2013/10/27 19:57:37 | 000,025,952 | ---- | C] () -- C:\Users\Brand\Danielle.png
[2013/10/27 19:57:26 | 000,003,956 | ---- | C] () -- C:\Users\Brand\Data1.zip
[2013/10/25 14:20:17 | 000,285,003 | ---- | C] () -- C:\Users\Brand\ZmURUqH.jpg
[2013/10/25 07:55:05 | 000,026,404 | ---- | C] () -- C:\Users\Brand\5da.jpg
[2013/10/22 06:27:48 | 003,500,594 | ---- | C] () -- C:\Users\Brand\Omega.pdf
[2013/10/21 03:17:08 | 000,779,880 | ---- | C] () -- C:\Users\Brand\PosterCellBioFix.pdf
[2013/10/21 00:12:12 | 000,834,129 | ---- | C] () -- C:\Users\Brand\JEbGDNx.gif
[2013/10/20 21:58:17 | 000,168,843 | ---- | C] () -- C:\Users\Brand\PageImage-512686-4777586-spiderman_neat.gif
[2013/10/20 15:31:03 | 000,127,488 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2013/10/20 15:31:00 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/10/20 15:31:00 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2013/10/20 15:30:58 | 000,256,088 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll
[2013/10/20 15:30:56 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/10/19 20:02:52 | 001,011,533 | ---- | C] () -- C:\Users\Brand\JmjvP5n.gif
[2013/10/19 14:38:54 | 008,388,608 | ---- | C] () -- C:\Users\Brand\BTN_A_000113943_O_185758a.pdf
[2013/10/19 11:16:29 | 000,627,346 | ---- | C] () -- C:\Users\Brand\nature09357.pdf
[2013/10/19 11:10:33 | 000,025,952 | ---- | C] () -- C:\Users\Brand\Attachment-1.png
[2013/10/18 20:17:49 | 000,378,714 | ---- | C] () -- C:\Users\Brand\Assignment 4.pdf
[2013/10/14 18:11:39 | 000,022,102 | ---- | C] () -- C:\Users\Brand\999_advice_meme_by_chuchubucket-d3yzaoq.jpg
[2013/10/14 16:19:53 | 000,108,493 | ---- | C] () -- C:\Users\Brand\1382974_10202221264234295_22278252_n.jpg
[2013/10/14 09:58:30 | 000,101,661 | ---- | C] () -- C:\Users\Brand\Midterm 1 Review.pdf
[2013/10/13 12:31:05 | 004,980,180 | ---- | C] () -- C:\Users\Brand\P1010178.JPG
[2013/10/13 12:30:52 | 004,754,755 | ---- | C] () -- C:\Users\Brand\P1010177.JPG
[2013/10/06 14:45:38 | 008,244,030 | ---- | C] () -- C:\Users\Brand\Bulletin_2895.pdf
[2013/10/02 06:51:42 | 002,916,568 | ---- | C] () -- C:\Users\Brand\P1Review.pdf
[2013/09/23 23:54:22 | 000,662,405 | ---- | C] () -- C:\Users\Brand\NFZfMsA.jpg
[2013/09/21 16:41:19 | 000,011,971 | ---- | C] () -- C:\Users\Brand\1241639_10202061917970738_1320422930_n.jpg
[2013/09/21 16:41:16 | 000,013,187 | ---- | C] () -- C:\Users\Brand\1241143_10202061915850685_1573221367_n.jpg
[2013/09/21 16:41:11 | 000,029,196 | ---- | C] () -- C:\Users\Brand\1372915_10202061915570678_1027892545_n.jpg
[2013/09/19 23:21:21 | 000,004,835 | ---- | C] () -- C:\Users\Brand\AppData\Roaming\certb.html
[2013/08/18 03:06:03 | 000,051,571 | ---- | C] () -- C:\Users\Brand\Order Complete Printer Friendly EBGames.htm
[2013/02/26 23:03:46 | 037,749,159 | ---- | C] () -- C:\Users\Brand\CHEM_2302-3_How_To_-_Flash__Large__-_20130108_04.47.47PM.mp4
[2013/02/04 07:36:42 | 001,124,481 | ---- | C] () -- C:\Users\Brand\scan0001.jpg
[2013/01/22 01:51:12 | 000,004,608 | ---- | C] () -- C:\Users\Brand\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/26 07:45:04 | 091,709,867 | ---- | C] () -- C:\Users\Brand\P4G_PS3DynamicThemes_Collection.zip
[2010/02/22 20:11:08 | 000,000,253 | ---- | C] () -- C:\Users\Brand\AppData\Roaming\ANICONFIG_{F835093F-FFBB-4DB8-BC2B-2D5673A4A399}.ini
[2010/02/21 15:50:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
========== Drive Information ==========
Physical Drives
---------------
Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD6400BEVT-22A0RT0
Partitions: 3
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 12583960576
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 584.00GB
Starting Offset: 12688818176
Hidden sectors: 0
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< %systemroot%\assembly\GAC_32\*.ini >
< %systemroot%\assembly\GAC_64\*.ini >
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< %ALLUSERSPROFILE%\Application Data\*.exe >
< %APPDATA%\*. >
[2013/09/19 23:25:06 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\100854674
[2013/03/19 18:40:20 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Adobe
[2010/05/18 15:47:08 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\AnvSoft
[2013/07/28 01:19:33 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Apple Computer
[2010/02/21 14:38:13 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\ATI
[2010/03/30 15:25:53 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Auslogics
[2011/02/27 14:53:31 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\avidemux
[2013/08/20 14:43:49 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Avira
[2012/12/31 01:41:48 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Awesome Duplicate Photo Finder
[2013/08/20 23:19:48 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Braid
[2012/06/27 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/14 16:07:56 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\CyberLink
[2010/12/13 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\dvdcss
[2010/02/21 15:37:30 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Google
[2013/08/31 14:24:55 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\gtk-2.0
[2010/10/13 16:57:20 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\HP
[2013/09/13 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\HpUpdate
[2010/02/21 14:36:55 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Identities
[2013/06/01 21:50:04 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Image Grabber II.NET
[2010/12/09 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\InstallShield
[2013/09/18 22:36:30 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Macromedia
[2010/02/22 19:15:59 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Malwarebytes
[2009/11/05 23:57:15 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Media Center Programs
[2013/09/06 19:46:41 | 000,000,000 | --SD | M] -- C:\Users\Brand\AppData\Roaming\Microsoft
[2013/09/04 16:56:36 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Motorola
[2012/12/10 14:51:34 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Motorola Mobility
[2010/02/21 16:40:32 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Mozilla
[2010/02/22 18:46:14 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Packard Bell
[2010/03/30 15:18:19 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Samsung
[2013/09/04 14:07:19 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Skype
[2012/08/01 21:52:33 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\SUPERAntiSpyware.com
[2012/12/31 04:32:39 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\SystemRequirementsLab
[2013/01/22 08:38:56 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\TechSmith
[2013/08/09 15:53:59 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\To the Moon - Freebird Games
[2013/08/08 19:19:41 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\TuneUp Software
[2013/11/07 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\uTorrent
[2013/11/07 01:46:10 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\vlc
[2010/10/31 12:20:12 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\Windows Live Writer
[2010/02/22 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\Brand\AppData\Roaming\WinRAR
< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
< MD5 for: CSRSS.EXE >
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/01/13 12:20:42 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/01/13 12:20:42 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/01/13 12:20:42 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/01/13 12:20:42 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: MSWSOCK.DLL >
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2013/09/06 21:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013/09/07 21:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
[2013/09/07 21:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[2013/09/06 21:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[2013/09/07 21:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
[2013/09/07 21:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
[2009/07/13 20:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll
< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll
< MD5 for: NLAAPI.DLL >
[2009/07/13 20:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2012/01/13 02:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 02:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 11:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 08:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2009/07/13 20:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
[2012/10/03 12:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll
< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USER32.DLL >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WINRNR.DLL >
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
< dir C:\ /S /A:L /C >
Volume in drive C is Gateway
Volume Serial Number is A436-6488
Directory of C:\
14/07/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Brand
21/02/2010 02:36 PM <JUNCTION> Application Data [C:\Users\Brand\AppData\Roaming]
21/02/2010 02:36 PM <JUNCTION> Cookies [C:\Users\Brand\AppData\Roaming\Microsoft\Windows\Cookies]
21/02/2010 02:36 PM <JUNCTION> Local Settings [C:\Users\Brand\AppData\Local]
21/02/2010 02:36 PM <JUNCTION> My Documents [C:\Users\Brand\Documents]
21/02/2010 02:36 PM <JUNCTION> NetHood [C:\Users\Brand\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
21/02/2010 02:36 PM <JUNCTION> PrintHood [C:\Users\Brand\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21/02/2010 02:36 PM <JUNCTION> Recent [C:\Users\Brand\AppData\Roaming\Microsoft\Windows\Recent]
21/02/2010 02:36 PM <JUNCTION> SendTo [C:\Users\Brand\AppData\Roaming\Microsoft\Windows\SendTo]
21/02/2010 02:36 PM <JUNCTION> Start Menu [C:\Users\Brand\AppData\Roaming\Microsoft\Windows\Start Menu]
21/02/2010 02:36 PM <JUNCTION> Templates [C:\Users\Brand\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Brand\AppData\Local
21/02/2010 02:36 PM <JUNCTION> Application Data [C:\Users\Brand\AppData\Local]
21/02/2010 02:36 PM <JUNCTION> History [C:\Users\Brand\AppData\Local\Microsoft\Windows\History]
21/02/2010 02:36 PM <JUNCTION> Temporary Internet Files [C:\Users\Brand\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Brand\Documents
21/02/2010 02:36 PM <JUNCTION> My Music [C:\Users\Brand\Music]
21/02/2010 02:36 PM <JUNCTION> My Pictures [C:\Users\Brand\Pictures]
21/02/2010 02:36 PM <JUNCTION> My Videos [C:\Users\Brand\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 344,055,431,168 bytes free
< C:\Windows\assembly\tmp\U\*.* /s >
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/10/25 20:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/10/25 20:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/10/25 20:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/10/25 20:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/10/25 20:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/10/25 20:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Brand\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Brand\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Brand\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Brand\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/22 20:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/09/22 20:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/10/25 20:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/10/25 20:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/10/25 20:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/10/25 20:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/10/25 20:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/10/25 20:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\BRAND\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\BRAND\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\BRAND\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\BRAND\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/09/22 17:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/09/22 17:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/09/22 17:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/22 20:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/22 20:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 07:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 20:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/13 21:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 20:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 16:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 16:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 16:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 16:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 16:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 16:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 16:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/13 21:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
< %systemroot%\system32\drivers\*.sys /lockedfiles >
========== Files - Unicode (All) ==========
[2013/10/31 16:53:38 | 104,433,978 | ---- | M] ()(C:\Windows\SysWow64\???X) -- C:\Windows\SysWow64\滫X
[2013/10/31 16:53:38 | 104,433,978 | ---- | C] ()(C:\Windows\SysWow64\???X) -- C:\Windows\SysWow64\滫X
[2013/10/30 02:17:39 | 104,098,187 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\≨跩
[2013/10/30 02:17:39 | 104,098,187 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\≨跩
< End of report >
OTL Extras logfile created on: 11/7/2013 8:10:01 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brand\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
3.86 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.76% Memory free
7.73 Gb Paging File | 5.86 Gb Available in Paging File | 75.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.35 Gb Total Space | 320.64 Gb Free Space | 54.87% Space Free | Partition Type: NTFS
Computer Name: BRAND-PC | User Name: Brand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F464D7D-5007-4552-92EC-F62AFFF3A7B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{107DBBD8-4EED-4FEE-A9B2-DED919424F63}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1283EBAE-7076-444B-A815-89A76080AE16}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1ACED67D-7044-4F4C-A56C-137615FBDF97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1F6AEED5-C553-45E9-9995-AE0E4A567D5D}" = lport=139 | protocol=6 | dir=in | app=system |
"{27178E5A-A9FF-41D5-BFC2-62735D7A96BB}" = rport=139 | protocol=6 | dir=out | app=system |
"{27BF4BAD-3FD4-4654-9872-CD395BB74790}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CB245D4-80D0-4A4D-9C65-B3E5949FDE10}" = rport=138 | protocol=17 | dir=out | app=system |
"{5C84C753-952E-4A00-BEA6-208240DDFD77}" = lport=137 | protocol=17 | dir=in | app=system |
"{7CCC0FDA-3148-4D68-BC01-9D4BCAB9A64E}" = rport=445 | protocol=6 | dir=out | app=system |
"{836149E3-16B4-4EDF-8CD8-C8A5130DBFE3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8958D823-B7E7-457B-9099-1CE674F5C404}" = rport=137 | protocol=17 | dir=out | app=system |
"{8AC2F088-49F5-46F2-9C79-0F9420AB0533}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8BF1D1EC-7555-49FB-8969-7991E43CF497}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C33CE7D-1BC7-4699-9512-2825ABCE3BEE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8CF94AE5-A19B-4CA9-AD46-BE0F08A7392F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{990A3B10-B88D-4EE1-9CCE-85A7C3FFCA25}" = lport=445 | protocol=6 | dir=in | app=system |
"{9DFDF056-6964-4AD1-B477-6D5334A18472}" = rport=54450 | protocol=17 | dir=out | name=utorrent |
"{ABA2E824-D447-466D-9227-E8E16D78155F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1DB8818-5BFF-46E1-908D-0AFB7EEBEDFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{BB070177-0431-4224-BFC8-CDA3A5038318}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB557AA7-38D2-4FF7-9B65-F3D9DC25AA0B}" = lport=54450 | protocol=6 | dir=in | name=utorrent |
"{CB9E59F9-B816-4B1A-A629-2B528334BDA7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB610D59-B3E3-4E0C-88C2-AF50223EC17E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EBCC6FAE-2D48-4F89-80F8-E0905012ECF9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF6CFFB4-A5A3-4686-9435-B905FD062781}" = lport=138 | protocol=17 | dir=in | app=system |
"{F11D5E00-B6CF-4204-A106-F7F721D782B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F468546A-40DB-45B7-A1C5-5B101619AA47}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F672243F-8FEA-4A5B-8FFC-988592396C9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA4FB421-EBD9-410F-B61C-483554806E49}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02909E60-41B1-476E-AC69-47DAE4BB176D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\to the moon\to the moon\to the moon.exe |
"{0436D7EF-E36A-4E80-B14F-1047151CED30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{05AD6EE0-2A54-49CF-B0DA-0A6066CBB560}" = dir=out | app=%programfiles% (x86)\techsmith\camtasia studio 8\camrecorder.exe |
"{082EB377-4BE6-48DB-A677-4A464E50F576}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0AA81A7F-6D7F-4C65-8A82-4A1E7993F049}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{0AB64C15-8B40-4735-B580-BEA109B04DC8}" = protocol=1 | dir=in |
[email protected],-28543 |
"{0D927960-9915-4834-9AAB-797A231D3E98}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{0FF80941-3487-4F8D-B6B9-CE085622072C}" = protocol=58 | dir=in |
[email protected],-28545 |
"{111F86FC-DAE8-416E-90D7-E7E0472C1291}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{1523028D-F291-4D8A-87DA-63AA25F65BFA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{1610271D-DC58-45FA-AB21-616390572C51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{16D0B227-173F-4277-8406-36A8C3C73DE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A49DB33-C6CB-497C-B5FC-CA43D30269AA}" = dir=out | app=%programfiles% (x86)\techsmith\camtasia studio 8\cammenuplayer.exe |
"{2056194A-025F-403B-8B4D-4025C8FF5127}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{20CA0AA6-AB1E-4B1A-B62A-43B8B553C03C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{20DC6F8D-0991-4C51-BB8C-302627E55389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24563A17-8E84-4A79-A2A3-15A025ECBECA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{272A24FF-61D9-4048-AAE0-3969FD03D425}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{28536CC4-98D2-4981-BCB8-26E205989228}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{290A4231-9848-49C2-A07B-2CB2F9D340A9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{29754F17-5B0C-46BC-9033-48517A5FBC9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{2AE60B14-A310-48A1-BBE4-BAA77FFC85FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B7F8F8E-2AF3-486D-A8F7-235CA2123D28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sine mora\sinemora.exe |
"{2C111534-E6B7-4C4B-8732-EF6437F7020B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{2C2C4FB7-5062-4BA5-8F9A-E8DFEDA47D4E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{31FD115F-09DB-4C20-A718-CB377DB83CD1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{366A2637-09F5-4B73-99F6-ABC5DFB9CFE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
"{36F81BD6-4695-4BC1-B188-128A9F1C4381}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{3CC46BF1-F760-4E39-ABA8-5430D223C8BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3DC87898-00CD-4B85-8FF5-8C71CDC1D670}" = protocol=6 | dir=out | app=system |
"{3E9CE3FB-0753-4148-A979-CCC184BE760D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{3FF4DFD0-7D7B-45BE-BEE8-1770681BC678}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{416BBEA8-B3F4-4E45-99F2-22987032AA74}" = protocol=1 | dir=out |
[email protected],-28544 |
"{4440F1E3-A0DD-4E22-982A-6C3DCB7946C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48FDDA10-76E0-4E70-BF95-989E50C6ADF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{4CC4613B-E22C-41A1-9B0B-3CF04326928D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4E078FF6-36D9-4E2B-B2BD-7BE1D057CAF8}" = protocol=6 | dir=in | app=c:\users\brand\appdata\roaming\utorrent\utorrent.exe |
"{4E854740-6919-48E8-857B-8C6AB662EC8E}" = protocol=17 | dir=in | app=c:\users\brand\appdata\roaming\utorrent\utorrent.exe |
"{51D2B3C1-CBF7-4845-B141-05C695757CB3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{53750028-0AB6-463D-9AE1-5D6FF235D49C}" = dir=out | app=%programfiles% (x86)\techsmith\camtasia studio 8\camtasiastudio.exe |
"{539BC3A3-0503-4DFF-8AAD-DC05A81376CE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{559D48BC-A673-4B96-9C63-5B01ACDFBDC2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5661F89D-37FF-40E4-A96F-681CDEB0AF23}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{568E0970-0AFA-4413-BC20-A9C5987777AE}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{57DB96B4-2B41-4323-962D-46C0522D826E}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{5A0C4901-1DF4-4204-B735-B4240F2F808A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe |
"{5D480E91-7318-44F8-9517-50A7C30BE742}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5D6B5CAC-68B5-4980-A1E1-617EB55072F0}" = protocol=17 | dir=in | app=e:\sst\remove av\0symnrt\symnrt.exe |
"{5D9CA2FC-ED50-4F54-9F12-0F7E7A1FA2E0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5DDEE033-8C02-41FA-86E2-6868CE98DA37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe |
"{5E65AFD6-8E74-48FE-AEA4-131030D0A705}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{60FB5557-A1BB-467F-973D-22FC0D810B20}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{614AADA7-685C-490A-A5C2-568B0D7DFAE2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
"{62F31F80-C55B-4714-B669-1ABDD8087C81}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{641E6118-C764-4B9D-9E13-53504FA76E50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{664391E5-C82D-42B4-87E6-CE8B9D78694B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{6C406CF3-CE63-4942-9B99-BAFFF36D9893}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{6D7CA7C6-12F1-42DF-B406-2F4A0B427798}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{6EBFD862-8C47-4E90-A0CF-7A81FC8EAA16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{702111B1-E3AF-47C3-A9AA-8CE98621A532}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{7AC4A716-760B-43FC-8BAD-A2AB0B01EBE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7DF05183-A4B7-4191-91BF-A3DD9503CA1A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{7F9528E9-1580-4BEA-AF82-1F284C4D59CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{81642D80-F2A9-4C7D-8D4A-95661D0EBE60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sine mora\sinemora.exe |
"{831FF428-380E-4CFB-B6FB-3EC571CAFFA4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{85E848D7-6AFB-46ED-9932-0AB3D8EF8514}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{86DDB94D-5A2C-40F6-9FCB-36FC03C86D62}" = dir=out | app=%programfiles% (x86)\techsmith\camtasia studio 8\camplay.exe |
"{88B5FD7B-B5F3-4E01-8471-665ADA383C89}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B70789E-B03D-4601-A717-FBB5BA0EB2AF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{8D64D88F-ED61-42AF-A475-A6929D700534}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{8DBC6DD0-B230-44A9-BB68-682374B6E32F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{907DBCD3-F6A2-4779-A067-428131D8000A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe |
"{93B5CF98-E8A6-44A8-B84F-F01BF2391D95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{95A71E15-4A70-4D1F-8EDA-093DC2B92F99}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9A34AD4F-4BA6-42D4-899E-AB8073902C0A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{9D299E81-F785-4FAC-81A9-06717F7F1964}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{9D942482-5D20-4D03-909D-A3ACD371E2BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{A05F5E82-5B5E-47A3-8A1F-C9063F7E3E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{A7899387-85BA-48E4-8532-939E6575D355}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AF8C57E9-BAE1-4FEE-9D5C-D32A24745FD2}" = dir=in | app=%programfiles% (x86)\techsmith\camtasia studio 8\camtasiastudio.exe |
"{B478BC39-7E55-4AEB-A2ED-A7949DDC4B2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\to the moon\to the moon\to the moon.exe |
"{B4CCA812-6551-4479-B56B-6CE55A5C0657}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\bin\sdklauncher.exe |
"{B7534E7F-011C-4A41-B17E-43689AD0C55B}" = dir=out | app=%programfiles% (x86)\techsmith\camtasia studio 8\cammenumaker.exe |
"{B90DABF3-036E-40CC-A9AA-A6295C557C4E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{B914672E-DBFE-47B5-B67F-476F16BD0B5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{BB356606-DB53-420E-B47F-84A50FD29E57}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{BD715910-36AD-4DFC-B5BD-4BE0DF7CC395}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{BDAA82CC-54A3-41FA-A663-697B901F343B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super hexagon\superhexagon.exe |
"{BF3F3979-D34C-44E6-B782-0F54C9773ED0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{BF629864-52BE-49EF-8637-A306AB52BD35}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{BFCE566B-9ED2-4D87-8BE8-317A3CA8735B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe |
"{CAA51600-F292-4B0E-B7AA-E75DA78BD547}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{CC0220FD-CC36-401F-BDFF-DA52641207E8}" = protocol=58 | dir=out |
[email protected],-28546 |
"{CCD11AEA-1BCA-40A8-93AF-578A8A3408B3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{CD320860-1E30-4195-B7CF-C778C0F5A1DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD4718B8-CEEC-40AB-BCD4-11648C6D9EFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{D01E0418-091C-48EA-B0D8-C3E1C5D14BCC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D0E8C83C-56EE-4951-AB6E-B24A0891761F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D281191D-2DC6-4E97-AFE9-1C6FBC94E772}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{D289894D-1989-4EAE-BEA1-00525D0DB95C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D47CB254-AA1F-412A-90B7-0165A54A5858}" = dir=out | app=%programfiles% (x86)\techsmith\camtasia studio 8\tschelp.exe |
"{D8B4CFB3-D612-449D-A1A3-3AA79955C2D9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{D944CC9E-63EC-483D-83B9-342ACED74B74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DDA28510-F691-46A3-82D8-3208983AEEC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\bin\sdklauncher.exe |
"{DE2A83F0-7E3F-4316-8CF0-672D79AF50F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{E053976C-D7B7-4C0B-91B4-918F91B91FBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{E3CDFB10-D606-4BD8-9FE8-FCDC83CC2CF7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{E6501311-467D-48B8-90AF-1C6B005B8AA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{E7EE23B8-681B-415D-A3EB-274720969077}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{E8D47947-E9C8-4BD3-8E09-676BA77C5A2D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA6F3F51-ED71-4A84-8771-7B70E0774909}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ss2\shock2.exe |
"{EB3D2034-9FE4-4FFE-B69E-AFB93C80A689}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ss2\shock2.exe |
"{EB49FBAA-1241-4A13-AFCA-5B4203A78B66}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{EC6DDC12-42AE-4672-B900-EC10B521241E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{EF29DB0C-12CB-48D2-8EFD-B9A5826ED9FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{F2534FFF-661C-4A06-ACF6-3BF9159C817D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2637DB7-4E4A-4E84-BD15-61B942096076}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{F3723491-78CD-4134-A884-F29908EABE39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe |
"{F3B4D8E2-3CA2-450A-BCAF-06A0095F8F49}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F4B29149-7868-479B-9864-9D51F760B00F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F8A11832-6CB1-48D8-9FCD-1E566BD44DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{FA398AB8-EBCF-4CD1-A7FC-995F19BDE0F2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FC22625F-B457-4E0B-91A7-00C8F8698BCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{FE15A836-8F06-4E53-AD74-DE8BD1D4443C}" = protocol=6 | dir=in | app=e:\sst\remove av\0symnrt\symnrt.exe |
"{FFFF3729-8B86-4939-9EC0-13F97085B6F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"TCP Query User{0939C50A-44DF-40C8-83F9-E2C77CE69750}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{1CEE9269-B170-4786-B544-1E8F3A01FF96}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{23D3037F-A880-447D-B68C-8643631275B6}C:\python27\python.exe" = protocol=6 | dir=in | app=c:\python27\python.exe |
"TCP Query User{24DB5832-EF29-4B0B-8985-1351FB6A1D09}C:\users\brand\documents\gaming\poke\hypergts\main\pkmsendportcheck\pkmsendportcheck.exe" = protocol=6 | dir=in | app=c:\users\brand\documents\gaming\poke\hypergts\main\pkmsendportcheck\pkmsendportcheck.exe |
"TCP Query User{69EC7D5B-33E9-42C2-A2D7-429BED253F11}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{87F79F69-AFEB-4765-8241-19DF880219F7}C:\users\brand\documents\poke\hypergts\main\pkmsendportcheck\pkmsendportcheck.exe" = protocol=6 | dir=in | app=c:\users\brand\documents\poke\hypergts\main\pkmsendportcheck\pkmsendportcheck.exe |
"TCP Query User{F4BF5597-7A29-4CAE-8B16-7CD3FF52B81C}C:\users\brand\documents\hypergts_1.01\hypergts\hypergts.exe" = protocol=6 | dir=in | app=c:\users\brand\documents\hypergts_1.01\hypergts\hypergts.exe |
"TCP Query User{FD6FBA14-2FA2-42E8-8DDE-D1BC564A29D9}C:\python26\python.exe" = protocol=6 | dir=in | app=c:\python26\python.exe |
"TCP Query User{FEDDD28B-59C3-48E0-97C4-8BF0AC5C0317}C:\users\brand\documents\gaming\poke\hypergts\main\hypergts_1.01\hypergts\hypergts.exe" = protocol=6 | dir=in | app=c:\users\brand\documents\gaming\poke\hypergts\main\hypergts_1.01\hypergts\hypergts.exe |
"TCP Query User{FF6FAE12-82D0-40FC-BB68-F5F316444848}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{21153BC9-BBED-4C7D-8823-2E3C882EC8F7}C:\users\brand\documents\hypergts_1.01\hypergts\hypergts.exe" = protocol=17 | dir=in | app=c:\users\brand\documents\hypergts_1.01\hypergts\hypergts.exe |
"UDP Query User{28BFDE57-7C7D-4D87-961C-E1E407B2CEBC}C:\users\brand\documents\poke\hypergts\main\pkmsendportcheck\pkmsendportcheck.exe" = protocol=17 | dir=in | app=c:\users\brand\documents\poke\hypergts\main\pkmsendportcheck\pkmsendportcheck.exe |
"UDP Query User{354A1840-115E-4569-BD2E-A24D3B23C764}C:\python26\python.exe" = protocol=17 | dir=in | app=c:\python26\python.exe |
"UDP Query User{36A88005-58F4-433C-960C-EFF34B9B6449}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{3894BCCF-DA8E-4778-8EDB-45A93DC2E01F}C:\python27\python.exe" = protocol=17 | dir=in | app=c:\python27\python.exe |
"UDP Query User{3EBA3116-95A4-4519-93DE-6A71F27C68CA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{4B8F85B4-1469-481C-AFDD-BFFA329B10C6}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{6A764C83-A812-4C8E-B1A7-2D3BFA185569}C:\users\brand\documents\gaming\poke\hypergts\main\hypergts_1.01\hypergts\hypergts.exe" = protocol=17 | dir=in | app=c:\users\brand\documents\gaming\poke\hypergts\main\hypergts_1.01\hypergts\hypergts.exe |
"UDP Query User{E8CFB8AC-38B7-4406-A3D6-F5889B087B73}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{F24F7F68-8020-4369-A8C4-7851B1D21ADA}C:\users\brand\documents\gaming\poke\hypergts\main\pkmsendportcheck\pkmsendportcheck.exe" = protocol=17 | dir=in | app=c:\users\brand\documents\gaming\poke\hypergts\main\pkmsendportcheck\pkmsendportcheck.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.5
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E11448F2-0B44-4239-B04E-D88FE743E929}" = Officejet J4500 Series
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"GIMP-2_is1" = GIMP 2.8.6
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F22808B-156F-44FB-B56B-9E8F8C8DC8F5}" = Motorola Device Software Update
"{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing
"{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese
"{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian
"{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish
"{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{935B40F5-6994-4868-9155-F9FB77A5048F}" = Microsoft Expression Encoder 4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All
"{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian
"{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light
"{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek
"{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian
"{DB93E2C2-851F-44B2-B09C-351D2C624AE1}" = Camtasia Studio 8
"{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch
"{E77DA909-3532-4C95-AFEB-06310E88462A}" = System Requirements Lab CYRI
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.1.7
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Awesome Duplicate Photo Finder_is1" = Awesome Duplicate Photo Finder v. 1.1
"Freemake Video Converter_is1" = Freemake Video Converter version 4.0.4
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.0.5
"LManager" = Launch Manager
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RS2_Enu_is1" = Realspeak American English
"Steam App 107100" = Bastion
"Steam App 113200" = The Binding of Isaac
"Steam App 12200" = Bully: Scholarship Edition
"Steam App 19900" = Far Cry 2
"Steam App 200710" = Torchlight II
"Steam App 200900" = Cave Story+
"Steam App 206440" = To the Moon
"Steam App 207040" = Sine Mora
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 212680" = FTL: Faster Than Light
"Steam App 220" = Half-Life 2
"Steam App 220780" = Thomas Was Alone
"Steam App 221640" = Super Hexagon
"Steam App 238210" = System Shock 2
"Steam App 26800" = Braid
"Steam App 35700" = Trine
"Steam App 380" = Half-Life 2: Episode One
"Steam App 3830" = Psychonauts
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 70300" = VVVVVV
"VisiPics_is1" = VisiPics V1.31
"VLC media player" = VLC media player 2.1.0
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ OSession Events ]
Error - 06/08/2010 3:12:54 AM | Computer Name = Brand-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 06/08/2010 3:36:04 AM | Computer Name = Brand-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 02/03/2011 8:03:17 PM | Computer Name = Brand-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/04/2011 5:56:01 PM | Computer Name = Brand-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 07/05/2011 12:09:05 AM | Computer Name = Brand-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19/12/2011 5:05:00 AM | Computer Name = Brand-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 03/11/2013 11:51:04 PM | Computer Name = Brand-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 13703
seconds with 3180 seconds of active time. This session ended with a crash.
< End of report >
Process Explorer:
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 93.35 0 K 24 K 0
procexp64.exe 2.10 28,232 K 48,688 K 2684 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
firefox.exe 1.54 263,588 K 290,920 K 3068 Firefox Mozilla Corporation (Verified) Mozilla Corporation
lsass.exe 0.63 5,248 K 12,420 K 600 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.59 5,092 K 10,372 K 724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.54 31,792 K 29,992 K 2044 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.44 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 0.32 3,180 K 8,644 K 544 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.20 216 K 4,580 K 4
ePowerTray.exe 0.10 4,532 K 10,168 K 1772 ePowerTray Acer Incorporated (Verified) Acer Incorporated
ePowerEvent.exe 0.06 2,164 K 5,152 K 3652 ePowerEvent Acer Incorporated (Verified) Acer Incorporated
explorer.exe 0.03 72,452 K 91,612 K 4824 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
ApMsgFwd.exe 0.03 2,204 K 5,584 K 4396 ApMsgFwd Alps Electric Co., Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
LMS.exe 0.02 2,724 K 5,056 K 2848 Local Manageability Service Intel Corporation (Verified) Intel Corporation
GregHSRW.exe 0.01 1,704 K 5,000 K 2764 Global Registration Service Acer Incorporated (Verified) Acer Incorporated
AppleMobileDeviceService.exe 0.01 2,888 K 9,200 K 1764 MobileDeviceService Apple Inc. (Verified) Apple Inc.
Apoint.exe < 0.01 3,844 K 10,568 K 1784 Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
UNS.exe < 0.01 3,728 K 8,724 K 4244 User Notification Service Intel Corporation (Verified) Intel Corporation
SASCORE64.EXE < 0.01 1,584 K 3,768 K 1592 Core Service SUPERAntiSpyware.com (The operation completed successfully) SUPERAntiSpyware.com
avgnt.exe < 0.01 7,332 K 3,532 K 2324 Avira System Tray Tool Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
SearchIndexer.exe < 0.01 46,196 K 38,676 K 4084 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 11,004 K 10,872 K 1708 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
FreemakeUtilsService.exe < 0.01 25,840 K 25,780 K 1956 FreemakeUtilsService Freemake (No signature was present in the subject) Freemake
svchost.exe < 0.01 10,848 K 18,864 K 292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 27,836 K 42,700 K 368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IScheduleSvc.exe < 0.01 5,048 K 10,208 K 2980 Backup Manager Module NewTech Infosystems, Inc. (Verified) NewTech Infosystems
WLIDSVC.EXE < 0.01 7,136 K 14,464 K 2604 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
svchost.exe < 0.01 31,048 K 32,336 K 1112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 7,348 K 13,884 K 4296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 13,836 K 16,984 K 4200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,652 K 5,180 K 456 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
OTL.exe < 0.01 17,932 K 30,508 K 3628 OldTimer Tools (No signature was present in the subject) OldTimer Tools
HpqSRmon.exe < 0.01 1,544 K 5,232 K 2140 HpqSRmon Hewlett-Packard (No signature was present in the subject) Hewlett-Packard
avguard.exe < 0.01 260,900 K 4,248 K 4000 Avira On-Access Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
svchost.exe < 0.01 20,916 K 23,716 K 960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 148,152 K 156,888 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe < 0.01 3,280 K 7,324 K 3540 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe < 0.01 10,124 K 18,080 K 3432 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 1,512 K 3,480 K 3320 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 3,112 K 7,512 K 852 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,948 K 4,860 K 520 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 2,472 K 6,776 K 3488 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 10,308 K 12,964 K 1880 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 18,356 K 18,372 K 1480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,212 K 2,904 K 988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,280 K 9,468 K 804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,156 K 6,168 K 2428 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,368 K 3,740 K 528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,436 K 5,812 K 3936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,384 K 3,772 K 2952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,664 K 3,836 K 2824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,280 K 7,924 K 2804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,340 K 5,480 K 668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 7,588 K 13,304 K 1428 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 544 K 1,192 K 316 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 7,844 K 11,264 K 584 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SeaPort.exe 4,080 K 8,896 K 952 Microsoft SeaPort Search Enhancement Broker Microsoft Corporation (Verified) Microsoft Corporation
sched.exe 3,668 K 2,888 K 1460 Avira Scheduler Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
procexp.exe 2,556 K 7,756 K 2204 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
MotoHelperService.exe 2,856 K 7,812 K 2872 MotoHelper Service (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe 3,244 K 8,696 K 3040 MotoHelperAgent (Verified) Motorola Mobility Inc.
mDNSResponder.exe 2,232 K 5,672 K 1388 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe 2,696 K 4,448 K 608 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 1,204 K 4,436 K 2332 Java Update Scheduler Oracle Corporation (Verified) Oracle America
IAANTmon.exe 2,260 K 6,376 K 2612 RAID Monitor Intel Corporation (Verified) Intel Corporation
hpwuschd2.exe 1,052 K 3,600 K 2156 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
Hidfind.exe 2,308 K 5,704 K 4480 Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
ForwardDaemon.exe 1,528 K 4,696 K 1196 ForwardDemon Motorola (No signature was present in the subject) Motorola
ePowerSvc.exe 2,944 K 7,148 K 1920 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
dllhost.exe 2,860 K 6,820 K 2588 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,780 K 7,232 K 4272 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 2,096 K 5,704 K 4516 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
avshadow.exe 1,928 K 4,168 K 3736 Avira Shadow Copy Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
atiesrxx.exe 1,696 K 4,488 K 884 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,332 K 6,120 K 1216 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe 1,228 K 3,904 K 1620 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
ApntEx.exe 2,752 K 6,296 K 4488 Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
AmIcoSinglun64.exe 2,608 K 6,964 K 1856 Single LUN Icon Utility for VID 058F PID 6366 AlcorMicro Co., Ltd. (No signature was present in the subject) AlcorMicro Co., Ltd.