Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by arwen (administrator) on ARWEN-PC on 15-08-2014 18:13:33
Running from C:\Users\arwen\Desktop
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\arwen\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Users\arwen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Egis inc.) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE
(Realtek Semiconductor Corp.) C:\Users\arwen\AppData\Local\Temp\RtkBtMnt.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1373719338\ee\aolsoftware.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\shellmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(acer) C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [481792 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [561200 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6495264 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1237288 2008-04-24] (Synaptics, Inc.)
HKLM-x32\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [781824 2008-09-12] (Acer Incorporated)
HKLM-x32\...\Run: [BkupTray] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-07-24] (CyberLink)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-07-18] (Acer Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1373719338\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2014-04-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1731772034-2200946797-1229434728-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2013-07-13] (Google Inc.)
HKU\S-1-5-21-1731772034-2200946797-1229434728-1000\...\Run: [Amazon Music] => C:\Users\arwen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-06-04] ()
HKU\S-1-5-21-1731772034-2200946797-1229434728-1000\...\Run: [Amazon Cloud Player] => C:\Users\arwen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-1731772034-2200946797-1229434728-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE [72760 2013-09-07] (AOL Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll (Egis Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 97.64.183.164 97.64.209.37
FireFox:
========
FF ProfilePath: C:\Users\arwen\AppData\Roaming\Mozilla\Firefox\Profiles\gm00kuov.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\arwen\AppData\Roaming\Mozilla\Firefox\Profiles\gm00kuov.default\Extensions\abs@avira.com [2014-08-13]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-13]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-17]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3300196&SearchSource=48&CUI=UN38189234359725179&UM=2"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14]
CHR Extension: (Adblock Plus) - C:\Users\arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-14]
CHR Extension: (Google Search) - C:\Users\arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]
CHR Extension: (Avira Browser Safety) - C:\Users\arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-13]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2014-06-14]
CHR Extension: (AdBlock) - C:\Users\arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-14]
CHR Extension: (RealDownloader) - C:\Users\arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-17]
CHR Extension: (Mafia Wars Addon) - C:\Users\arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfmkjppmncfcgdebajkjnopgodlcaoe [2014-06-14]
CHR Extension: (Google Wallet) - C:\Users\arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\arwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14]
CHR HKCU\...\Chrome\Extension: [lcgnmdipgajofmpanhpdinhkgmeifmdo] - C:\Users\arwen\AppData\Local\CRE\lcgnmdipgajofmpanhpdinhkgmeifmdo.crx [2014-06-14]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lcgnmdipgajofmpanhpdinhkgmeifmdo] - C:\Users\arwen\AppData\Local\CRE\lcgnmdipgajofmpanhpdinhkgmeifmdo.crx [2013-08-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () [File not signed]
R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [132096 2007-12-06] () [File not signed]
R2 NTIBackupSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-26] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-08] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S1 Beep; No ImagePath
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [56320 2008-05-19] (Atheros Communications, Inc.)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated)
R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated)
R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [32240 2008-07-18] (Cyberlink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-15 18:13 - 2014-08-15 18:14 - 00024892 _____ () C:\Users\arwen\Desktop\FRST.txt
2014-08-15 18:13 - 2014-08-15 18:13 - 00000000 ____D () C:\FRST
2014-08-15 18:11 - 2014-08-15 18:11 - 02100224 _____ (Farbar) C:\Users\arwen\Desktop\FRST64.exe
2014-08-15 00:04 - 2014-08-15 00:04 - 00000569 _____ () C:\Users\arwen\Desktop\mediacom message.txt
2014-08-14 20:58 - 2014-08-14 23:02 - 00000000 ____D () C:\Users\arwen\Desktop\State Fair
2014-08-14 20:49 - 2014-08-14 22:01 - 00000000 ____D () C:\Users\arwen\Desktop\Osprey and Raptor Center
2014-08-14 00:06 - 2014-08-14 20:36 - 00001417 _____ () C:\Users\arwen\Desktop\malwarebytes scan results 08-13-2014 a.txt
2014-08-13 23:21 - 2014-08-14 00:49 - 00000239 _____ () C:\Users\arwen\Desktop\mw error link.txt
2014-08-13 21:22 - 2014-08-13 21:23 - 54756805 _____ () C:\Users\arwen\Downloads\The #QueenBert Journey - part three-SD.mp4
2014-08-13 20:59 - 2014-08-13 21:00 - 25185891 _____ () C:\Users\arwen\Downloads\Adam Lambert singing Who Wants To Live Forever in Kiev June 30, 2012-SD.mp4
2014-08-13 20:20 - 2014-08-13 20:21 - 50395605 _____ () C:\Users\arwen\Downloads\Queen + Adam Lambert - Love Kills (live)-SD.mp4
2014-08-13 03:06 - 2014-06-26 17:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 03:06 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 03:06 - 2014-06-26 17:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 03:06 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 03:06 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 03:06 - 2014-06-26 17:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 03:05 - 2014-06-05 23:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 03:05 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 01:59 - 2014-07-24 23:27 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 01:59 - 2014-07-24 23:18 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 01:59 - 2014-07-24 22:15 - 02781696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 01:59 - 2014-07-24 14:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 01:59 - 2014-07-24 14:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 01:59 - 2014-07-24 14:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 01:59 - 2014-07-24 14:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 01:59 - 2014-07-24 14:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 01:59 - 2014-07-24 14:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 01:59 - 2014-07-24 14:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 01:59 - 2014-07-24 14:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 01:59 - 2014-07-24 14:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 01:59 - 2014-07-24 14:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 01:59 - 2014-07-24 14:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 01:59 - 2014-07-24 14:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 01:59 - 2014-07-24 14:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 01:59 - 2014-07-24 14:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 01:59 - 2014-07-24 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 01:59 - 2014-07-24 14:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 01:59 - 2014-07-24 14:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 01:59 - 2014-07-24 14:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 01:59 - 2014-07-24 13:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 01:59 - 2014-07-24 12:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 01:59 - 2014-07-24 12:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 01:59 - 2014-07-24 12:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 01:59 - 2014-07-24 12:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 01:59 - 2014-07-24 12:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-13 01:59 - 2014-07-24 12:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 01:59 - 2014-07-24 12:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 01:59 - 2014-07-24 12:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 01:59 - 2014-07-24 12:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 01:59 - 2014-07-24 12:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 01:59 - 2014-07-24 12:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 01:59 - 2014-07-24 12:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 01:59 - 2014-07-24 12:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-13 01:59 - 2014-07-24 12:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-13 01:59 - 2014-07-24 12:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 01:59 - 2014-06-13 19:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 01:59 - 2014-06-13 19:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 01:58 - 2014-07-24 14:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 01:58 - 2014-07-24 14:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 01:58 - 2014-07-24 14:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 01:58 - 2014-07-24 12:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 01:58 - 2014-07-24 12:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 01:58 - 2014-07-24 12:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 01:58 - 2014-07-24 12:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 01:58 - 2014-07-24 12:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-13 01:58 - 2014-07-07 20:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 01:58 - 2014-07-07 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 01:57 - 2014-06-02 16:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 01:57 - 2014-06-02 16:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 01:57 - 2014-06-02 16:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 01:57 - 2014-06-02 16:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-13 01:57 - 2014-06-02 15:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 01:57 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 01:57 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 01:57 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 00:02 - 2014-08-13 00:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-11 22:20 - 2014-08-11 22:20 - 00274824 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-10 16:21 - 2014-08-10 16:20 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-10 16:20 - 2014-08-10 16:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-10 16:20 - 2014-08-10 16:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-10 16:20 - 2014-08-10 16:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 16:20 - 2014-08-10 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 16:11 - 2012-05-29 14:51 - 36136786 _____ () C:\Users\arwen\Desktop\Cooper's Hawk in the trees 08-10-2014.MP4
2014-08-09 04:51 - 2014-08-09 04:51 - 15945299 _____ () C:\Users\arwen\Downloads\7-36 am, Aug. 8, 2014 ~ STAN GIVES A NOD TO ALEXI AND SHOWS THE WAY! ~ FLEDGE!-SD.mp4
2014-08-06 22:16 - 2014-08-06 22:16 - 00001953 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-08-06 22:16 - 2014-08-06 22:16 - 00001951 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-08-06 22:16 - 2014-08-06 22:16 - 00001941 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-08-06 22:16 - 2014-08-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-06 22:14 - 2014-08-06 22:14 - 00895120 _____ (Google Inc.) C:\Users\arwen\Downloads\googledrivesync.exe
2014-08-05 21:04 - 2014-08-05 21:12 - 00000000 ____D () C:\Users\arwen\Desktop\perfume label
2014-08-05 08:05 - 2014-08-05 08:05 - 00000000 ____D () C:\Users\arwen\AppData\Local\Microsoft Help
2014-08-05 02:30 - 2014-08-05 03:15 - 00000000 ____D () C:\Users\arwen\Desktop\Robert Videos to upload
2014-08-04 18:44 - 2014-08-05 11:17 - 00000026 _____ () C:\Users\arwen\Desktop\usps delivery conformation number.txt
2014-08-01 22:16 - 2014-08-01 22:16 - 00274824 _____ () C:\Windows\Minidump\Mini080114-01.dmp
2014-07-31 08:37 - 2014-07-31 08:37 - 00000258 _____ () C:\Users\arwen\Desktop\suspicious possible or known alias join dates plus elessar and pt.txt
2014-07-30 04:05 - 2014-07-30 06:47 - 00000223 _____ () C:\Users\arwen\Desktop\jake's info.txt
2014-07-27 18:09 - 2014-07-27 18:09 - 00000091 _____ () C:\Users\arwen\Desktop\KILL.txt
2014-07-27 17:44 - 2014-07-27 17:44 - 00000086 _____ () C:\Users\arwen\Desktop\ILLYRYAN 2.txt
2014-07-27 06:24 - 2014-07-27 07:05 - 00009488 _____ () C:\Users\arwen\Desktop\mithril.txt
2014-07-25 00:58 - 2014-07-25 01:00 - 00000000 ____D () C:\Users\arwen\Desktop\Freddie Mercury's Will
2014-07-22 23:15 - 2014-07-22 23:15 - 00000761 _____ () C:\Users\arwen\Desktop\queen tour dates.txt
2014-07-19 23:34 - 2014-07-19 23:34 - 00000016 _____ () C:\Users\arwen\Desktop\notes.txt
2014-07-19 20:41 - 2014-07-19 20:42 - 51496475 _____ () C:\Users\arwen\Downloads\TILIKUM-HD.mp4
2014-07-19 00:46 - 2014-08-05 01:57 - 00000000 ____D () C:\Users\arwen\Desktop\QUEEN
2014-07-18 01:32 - 2014-07-18 01:32 - 00000498 _____ () C:\Users\arwen\Desktop\4 osprey subspecies.txt
2014-07-16 15:40 - 2014-07-16 15:40 - 00001698 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 15:40 - 2014-07-16 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 15:39 - 2014-07-16 15:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 15:39 - 2014-07-16 15:40 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 15:39 - 2014-07-16 15:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-16 15:39 - 2014-07-16 15:39 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 04:23 - 2014-07-16 04:24 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-15 18:14 - 2014-08-15 18:13 - 00024892 _____ () C:\Users\arwen\Desktop\FRST.txt
2014-08-15 18:13 - 2014-08-15 18:13 - 00000000 ____D () C:\FRST
2014-08-15 18:11 - 2014-08-15 18:11 - 02100224 _____ (Farbar) C:\Users\arwen\Desktop\FRST64.exe
2014-08-15 17:51 - 2013-07-13 02:03 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 17:51 - 2013-07-13 02:03 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 17:48 - 2013-09-25 21:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 17:21 - 2013-07-13 01:41 - 01209954 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 17:13 - 2008-12-18 02:18 - 00282976 _____ () C:\Users\Public\eDSMSNLoader32.log
2014-08-15 17:12 - 2013-07-13 01:07 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-08-15 17:11 - 2008-12-18 02:14 - 00000147 _____ () C:\Windows\SysWOW64\agent.log
2014-08-15 17:11 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 17:11 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 17:11 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 17:10 - 2014-06-14 01:27 - 01132360 _____ () C:\Windows\PFRO.log
2014-08-15 14:49 - 2006-11-02 10:42 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-15 00:04 - 2014-08-15 00:04 - 00000569 _____ () C:\Users\arwen\Desktop\mediacom message.txt
2014-08-15 00:00 - 2006-11-02 07:46 - 00758854 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-14 23:02 - 2014-08-14 20:58 - 00000000 ____D () C:\Users\arwen\Desktop\State Fair
2014-08-14 22:01 - 2014-08-14 20:49 - 00000000 ____D () C:\Users\arwen\Desktop\Osprey and Raptor Center
2014-08-14 20:36 - 2014-08-14 00:06 - 00001417 _____ () C:\Users\arwen\Desktop\malwarebytes scan results 08-13-2014 a.txt
2014-08-14 20:31 - 2014-06-12 05:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 04:01 - 2013-12-25 00:58 - 00000000 ____D () C:\Users\arwen\Desktop\PHOTO GRAPHICS FROM ALL OVER
2014-08-14 01:33 - 2014-06-21 19:13 - 00000000 ____D () C:\Users\arwen\Desktop\Newer Hellgate Photos
2014-08-14 01:29 - 2013-07-13 01:50 - 00000000 ___RD () C:\Users\arwen\Desktop\Antivirus
2014-08-14 00:49 - 2014-08-13 23:21 - 00000239 _____ () C:\Users\arwen\Desktop\mw error link.txt
2014-08-13 21:23 - 2014-08-13 21:22 - 54756805 _____ () C:\Users\arwen\Downloads\The #QueenBert Journey - part three-SD.mp4
2014-08-13 21:00 - 2014-08-13 20:59 - 25185891 _____ () C:\Users\arwen\Downloads\Adam Lambert singing Who Wants To Live Forever in Kiev June 30, 2012-SD.mp4
2014-08-13 20:21 - 2014-08-13 20:20 - 50395605 _____ () C:\Users\arwen\Downloads\Queen + Adam Lambert - Love Kills (live)-SD.mp4
2014-08-13 18:09 - 2013-07-13 02:06 - 00002029 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 03:57 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-08-13 03:33 - 2006-11-02 10:21 - 00306752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-13 03:28 - 2008-12-18 01:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 03:26 - 2013-07-16 07:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 03:21 - 2006-11-02 07:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-13 00:03 - 2013-07-13 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-13 00:03 - 2013-07-13 04:06 - 00000000 ____D () C:\ProgramData\Avira
2014-08-13 00:03 - 2013-07-13 04:06 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-13 00:02 - 2014-08-13 00:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-11 22:20 - 2014-08-11 22:20 - 00274824 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-11 22:20 - 2014-07-01 17:59 - 337384391 _____ () C:\Windows\MEMORY.DMP
2014-08-11 22:20 - 2013-11-06 07:51 - 00000000 ____D () C:\Windows\Minidump
2014-08-10 16:20 - 2014-08-10 16:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-10 16:20 - 2014-08-10 16:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-10 16:20 - 2014-08-10 16:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-10 16:20 - 2014-08-10 16:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 16:20 - 2014-08-10 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 16:20 - 2013-07-30 01:48 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-09 04:51 - 2014-08-09 04:51 - 15945299 _____ () C:\Users\arwen\Downloads\7-36 am, Aug. 8, 2014 ~ STAN GIVES A NOD TO ALEXI AND SHOWS THE WAY! ~ FLEDGE!-SD.mp4
2014-08-06 22:16 - 2014-08-06 22:16 - 00001953 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-08-06 22:16 - 2014-08-06 22:16 - 00001951 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-08-06 22:16 - 2014-08-06 22:16 - 00001941 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-08-06 22:16 - 2014-08-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-06 22:16 - 2013-07-13 01:37 - 00000000 ____D () C:\Users\arwen\AppData\Local\Google
2014-08-06 22:16 - 2013-07-13 00:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-06 22:14 - 2014-08-06 22:14 - 00895120 _____ (Google Inc.) C:\Users\arwen\Downloads\googledrivesync.exe
2014-08-05 21:12 - 2014-08-05 21:04 - 00000000 ____D () C:\Users\arwen\Desktop\perfume label
2014-08-05 11:17 - 2014-08-04 18:44 - 00000026 _____ () C:\Users\arwen\Desktop\usps delivery conformation number.txt
2014-08-05 08:05 - 2014-08-05 08:05 - 00000000 ____D () C:\Users\arwen\AppData\Local\Microsoft Help
2014-08-05 03:38 - 2014-07-12 04:52 - 00000000 ____D () C:\Users\arwen\Desktop\Pottery
2014-08-05 03:15 - 2014-08-05 02:30 - 00000000 ____D () C:\Users\arwen\Desktop\Robert Videos to upload
2014-08-05 01:57 - 2014-07-19 00:46 - 00000000 ____D () C:\Users\arwen\Desktop\QUEEN
2014-08-05 01:56 - 2014-01-17 18:17 - 00000000 ____D () C:\Users\arwen\Desktop\newest photos jan 17th 2014
2014-08-01 22:16 - 2014-08-01 22:16 - 00274824 _____ () C:\Windows\Minidump\Mini080114-01.dmp
2014-07-31 08:37 - 2014-07-31 08:37 - 00000258 _____ () C:\Users\arwen\Desktop\suspicious possible or known alias join dates plus elessar and pt.txt
2014-07-30 06:47 - 2014-07-30 04:05 - 00000223 _____ () C:\Users\arwen\Desktop\jake's info.txt
2014-07-27 18:09 - 2014-07-27 18:09 - 00000091 _____ () C:\Users\arwen\Desktop\KILL.txt
2014-07-27 17:44 - 2014-07-27 17:44 - 00000086 _____ () C:\Users\arwen\Desktop\ILLYRYAN 2.txt
2014-07-27 07:05 - 2014-07-27 06:24 - 00009488 _____ () C:\Users\arwen\Desktop\mithril.txt
2014-07-25 01:00 - 2014-07-25 00:58 - 00000000 ____D () C:\Users\arwen\Desktop\Freddie Mercury's Will
2014-07-24 23:27 - 2014-08-13 01:59 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-24 23:18 - 2014-08-13 01:59 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-24 22:15 - 2014-08-13 01:59 - 02781696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-24 14:28 - 2014-08-13 01:59 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 14:12 - 2014-08-13 01:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 14:10 - 2014-08-13 01:58 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 14:07 - 2014-08-13 01:59 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 14:06 - 2014-08-13 01:59 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 14:05 - 2014-08-13 01:59 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 14:05 - 2014-08-13 01:59 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 14:05 - 2014-08-13 01:59 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 14:04 - 2014-08-13 01:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 14:04 - 2014-08-13 01:59 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 14:04 - 2014-08-13 01:59 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-24 14:04 - 2014-08-13 01:59 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 14:04 - 2014-08-13 01:59 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 14:04 - 2014-08-13 01:58 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 14:03 - 2014-08-13 01:59 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 14:03 - 2014-08-13 01:59 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 14:03 - 2014-08-13 01:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 14:03 - 2014-08-13 01:59 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 14:03 - 2014-08-13 01:59 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-24 14:03 - 2014-08-13 01:58 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-24 14:02 - 2014-08-13 01:59 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-24 13:07 - 2014-08-13 01:59 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 12:58 - 2014-08-13 01:59 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 12:57 - 2014-08-13 01:58 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 12:52 - 2014-08-13 01:59 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 12:51 - 2014-08-13 01:59 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 12:51 - 2014-08-13 01:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 12:50 - 2014-08-13 01:59 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-24 12:50 - 2014-08-13 01:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 12:49 - 2014-08-13 01:59 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 12:49 - 2014-08-13 01:59 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-24 12:49 - 2014-08-13 01:58 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 12:49 - 2014-08-13 01:58 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 12:49 - 2014-08-13 01:58 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-24 12:48 - 2014-08-13 01:59 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 12:48 - 2014-08-13 01:59 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 12:48 - 2014-08-13 01:59 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 12:48 - 2014-08-13 01:59 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 12:48 - 2014-08-13 01:59 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-24 12:48 - 2014-08-13 01:59 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-24 12:48 - 2014-08-13 01:58 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-24 12:47 - 2014-08-13 01:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-22 23:15 - 2014-07-22 23:15 - 00000761 _____ () C:\Users\arwen\Desktop\queen tour dates.txt
2014-07-19 23:34 - 2014-07-19 23:34 - 00000016 _____ () C:\Users\arwen\Desktop\notes.txt
2014-07-19 20:42 - 2014-07-19 20:41 - 51496475 _____ () C:\Users\arwen\Downloads\TILIKUM-HD.mp4
2014-07-18 01:32 - 2014-07-18 01:32 - 00000498 _____ () C:\Users\arwen\Desktop\4 osprey subspecies.txt
2014-07-16 15:40 - 2014-07-16 15:40 - 00001698 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 15:40 - 2014-07-16 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 15:40 - 2014-07-16 15:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 15:40 - 2014-07-16 15:39 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 15:40 - 2014-07-16 15:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-16 15:39 - 2014-07-16 15:39 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 04:24 - 2014-07-16 04:23 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
Some content of TEMP:
====================
C:\Users\arwen\AppData\Local\Temp\avgnt.exe
C:\Users\arwen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\arwen\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\arwen\AppData\Local\Temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-15 17:24
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
Ran by arwen at 2014-08-15 18:15:21
Running from C:\Users\arwen\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5702 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 2.0.5702 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam 2.0.8 (HKLM-x32\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.8 - SuYin)
Acer eAudio Management (HKLM-x32\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3009 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM-x32\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer ePower Management (HKLM-x32\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3014 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM-x32\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GameZone Console 2.0.1.1 (HKLM-x32\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM-x32\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: - Acer - Leader Technologies)
Acer ScreenSaver (HKLM-x32\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0701 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Agatha Christie Death on the Nile (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Avira SearchFree Toolbar plus Web Protection (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0201}) (Version: 12.2.1.477 - Ask Partner Network)
Azada (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media)
Backspin Billiards (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version: - Oberon Media)
Big Kahuna Reef (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: - Oberon Media)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version: - Oberon Media)
Bricks of Egypt (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Chuzzle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version: - Oberon Media)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 6.5.3023e - CyberLink Corp.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000201 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.3.000201 - esobi Inc.) Hidden
Flip Words 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}) (Version: - Oberon Media)
GeekBuddy (HKLM-x32\...\{A47642B2-4CB5-4325-8093-C88D4747953F}) (Version: 4.7.55 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.52 - Conexant Systems)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Jewel Quest Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media)
Launch Manager (HKLM-x32\...\LManager) (Version: - )
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
Mahjongg Artifacts (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version: - Oberon Media)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Huntsville (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version: - Oberon Media)
Mystery Solitaire - Secret Island (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6329 - NewTech Infosystems) Hidden
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5704 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
Winbond CIR Device Drivers (HKLM-x32\...\{10F498FF-5392-4DF3-8F73-FE172A9F3800}) (Version: 7.60.1012 - Winbond Electronics Corporation)
Zuma Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
26-06-2014 06:49:00 Scheduled Checkpoint
10-07-2014 08:00:22 Windows Update
16-07-2014 07:02:24 Scheduled Checkpoint
16-07-2014 09:21:42 Installed Java 7 Update 65
23-07-2014 06:54:40 Scheduled Checkpoint
05-08-2014 10:37:47 Scheduled Checkpoint
10-08-2014 21:19:09 Installed Java 7 Update 67
13-08-2014 08:00:57 Windows Update
14-08-2014 11:34:00 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 07:34 - 2013-08-23 20:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {10975309-1813-44E7-A609-40F95CB5DC55} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {157F172F-6BE6-4F68-BBC7-7F8A802F4632} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1731772034-2200946797-1229434728-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {2307AE46-6A31-4234-A30F-EF2A547126A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {65D9D570-698C-43F4-8B75-9CDB2A1FF3D8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1731772034-2200946797-1229434728-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6DA8B9E8-BD76-46FD-A4A6-899211A168CA} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6F9C01BF-CCE2-4DFB-88C4-8F6436676FB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9D8FA4B5-3386-460C-9E4B-416755412446} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1731772034-2200946797-1229434728-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A14FBB4F-670C-4761-ABCD-01E04DD05D85} - \TopArcadeHits No Task File <==== ATTENTION
Task: {C382A3F6-151F-4090-9826-E4F8AF3BB397} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1731772034-2200946797-1229434728-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D3B746C0-E8AF-493B-A441-A6B0711A257C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)
Task: {D4886E8F-AF95-4840-92F1-3D66A5A5588C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1731772034-2200946797-1229434728-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FEF4ECAC-D446-4025-92B0-9467C03B7F13} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-07-13 01:19 - 2008-01-16 20:35 - 00081504 _____ () C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2008-12-18 01:43 - 2008-08-19 17:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-12-18 01:44 - 2008-12-18 01:44 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-12-18 01:44 - 2008-12-18 01:44 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-12-18 01:44 - 2008-12-18 01:44 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2008-12-18 01:44 - 2008-12-18 01:44 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2008-12-18 01:44 - 2008-12-18 01:44 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-12-18 01:56 - 2008-09-12 00:20 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2008-12-18 01:44 - 2008-12-18 01:44 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3010.0__4df5dcab8860d239\Framework.Utility.dll
2008-12-18 01:53 - 2008-05-26 17:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2008-12-18 01:53 - 2008-05-26 17:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2008-12-18 01:53 - 2008-05-26 17:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2008-12-18 01:53 - 2008-05-26 17:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2008-12-18 02:32 - 2007-12-06 19:16 - 00132096 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-12-18 02:32 - 2007-11-27 21:52 - 00041984 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-26 00:36 - 2008-04-26 00:36 - 00131072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-12-18 02:30 - 2007-01-08 21:25 - 00272024 _____ () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2007-12-13 06:08 - 2007-12-13 06:08 - 01401856 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\LIBEAY32.dll
2008-07-29 20:53 - 2008-07-29 20:53 - 00382000 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ShowErrMsg.dll
2013-07-13 01:00 - 2007-10-23 12:56 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-06-18 20:14 - 2014-06-04 17:18 - 03162944 _____ () C:\Users\arwen\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-06-30 16:01 - 2014-05-08 12:26 - 03145536 _____ () C:\Users\arwen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2008-04-26 00:36 - 2008-04-26 00:36 - 00028672 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2007-06-24 22:09 - 2007-06-24 22:09 - 01024000 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 22:09 - 2007-06-24 22:09 - 00098304 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 22:09 - 2007-06-24 22:09 - 00061440 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2008-04-28 12:49 - 2008-04-28 12:49 - 00002560 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2013-09-07 12:20 - 2013-09-07 12:20 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\zlib.dll
2013-09-07 12:19 - 2013-09-07 12:19 - 21117440 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libcef.dll
2013-09-07 12:19 - 2013-09-07 12:19 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libglesv2.dll
2013-09-07 12:19 - 2013-09-07 12:19 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7a\libegl.dll
2008-07-24 17:54 - 2008-07-24 17:54 - 00757760 ____N () C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2008-07-24 17:54 - 2008-07-24 17:54 - 00007680 ____N () C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2014-08-13 00:03 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\arwen\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-13 18:09 - 2014-08-06 22:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 18:09 - 2014-08-06 22:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 18:09 - 2014-08-06 22:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-13 18:09 - 2014-08-06 22:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
2014-04-09 01:30 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\arwen\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-09 01:30 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\arwen\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/15/2014 05:12:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/15/2014 02:19:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/15/2014 03:35:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/14/2014 11:55:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/14/2014 06:25:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/14/2014 11:48:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/14/2014 04:04:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/14/2014 04:04:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/14/2014 04:01:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/14/2014 03:58:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.Sockets.SocketException
Stack:
at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType, Boolean, Boolean)
at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.StartHelper(System.Net.NetworkInformation.NetworkAddressChangedEventHandler, Boolean, System.Net.NetworkInformation.StartIPOptions)
at Avira.OE.WinCore.NetworkStatusListener..ctor()
at Avira.OE.WinCore.InternetConnectionMonitor..ctor()
at Avira.OE.Systray.SystrayIcon..ctor(Avira.OE.WinCore.Interface.IServiceStatusMonitor, Avira.OE.Communicator.Interface.ICommunicatorClientProxy, Avira.OE.MiniGui.IMiniGuiWindow)
at Avira.OE.Systray.SystrayIcon..ctor()
at Avira.OE.Systray.Program.Main(System.String[])
System errors:
=============
Error: (08/15/2014 05:12:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
Error: (08/15/2014 02:19:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
Error: (08/15/2014 03:37:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Font Cache Service%%1053
Error: (08/15/2014 03:37:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Font Cache Service
Error: (08/15/2014 03:36:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
Error: (08/15/2014 03:35:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
Error: (08/14/2014 11:55:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Avira Service Host
Error: (08/14/2014 11:12:03 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 0016EAA33014 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Error: (08/14/2014 06:25:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
Error: (08/14/2014 11:48:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-08-14 20:42:46.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-14 20:42:45.903
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-14 20:42:45.678
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-14 20:42:45.451
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-14 20:42:44.111
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-14 20:42:43.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-14 20:42:43.722
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-14 20:42:43.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-14 03:51:32.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-14 03:51:31.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 78%
Total physical RAM: 4023.93 MB
Available physical RAM: 866.05 MB
Total Pagefile: 8255.14 MB
Available Pagefile: 4228.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:143.04 GB) (Free:51.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:139.5 GB) (Free:99.01 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 50A5B170)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=12)
==================== End Of Log ============================
Edited by CoolCat, 15 August 2014 - 05:45 PM.