15:04:53.803 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:04:54.208 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
15:04:54.224 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
15:04:54.271 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290807 MB offset 29566976
15:05:36.749 3 CLASSPNP.SYS[fffff88001b3943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fd2050]
15:20:38.868 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:20:39.539 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
15:20:39.554 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
15:20:39.570 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290807 MB offset 29566976
15:21:24.628 3 CLASSPNP.SYS[fffff88001b3943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fd2050]
16:20:15.401 Disk 0 MBR has been saved successfully to "C:\Users\Nathan\Downloads\MBR.dat"
16:20:15.402 The log file has been saved successfully to "C:\Users\Nathan\Downloads\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Nathan (administrator) on NATHAN-PC on 17-10-2014 16:22:30
Running from C:\Farbar recovery
Loaded Profile: Nathan (Available profiles: Nathan)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(RingCentral, Inc.) C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-08-07] (alch)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [Google Update] => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-12-18] (Google Inc.)
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [RCHotKey] => C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe [30000 2014-04-24] (RingCentral, Inc.)
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [uTorrent] => "C:\Users\Nathan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [{c97514bc-f96f-0509-955c-ec60f467cb48}] => C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe [363008 2014-08-31] ()
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {097cd6a5-0844-11e4-b4df-02f46a003c85} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {8453939f-04ca-11e4-b41e-02f46a003c85} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Nathan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nathan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Nathan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nathan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nathan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default\searchplugins\yahoo_ff.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-12]
Chrome:
=======
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-17]
CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]
CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Google Sheets) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\TheSage\TheSage\extensions\chrome\ [2013-03-12]
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]
CHR StartMenuInternet: Google Chrome - C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
U3 aswMBR; \??\C:\Users\Nathan\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Nathan\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-17 16:20 - 2014-10-17 16:20 - 00003248 _____ () C:\Users\Nathan\Downloads\aswMBR.txt
2014-10-17 16:20 - 2014-10-17 16:20 - 00000512 _____ () C:\Users\Nathan\Downloads\MBR.dat
2014-10-17 14:10 - 2014-10-17 14:58 - 00077000 _____ () C:\Users\Nathan\Downloads\Extras.Txt
2014-10-17 14:07 - 2014-10-17 14:56 - 00163430 _____ () C:\Users\Nathan\Downloads\OTL.Txt
2014-10-17 13:26 - 2014-10-17 13:26 - 00854448 _____ () C:\Users\Nathan\Downloads\SecurityCheck.exe
2014-10-17 13:26 - 2014-10-17 13:26 - 00602112 _____ (OldTimer Tools) C:\Users\Nathan\Downloads\OTL.exe
2014-10-17 13:23 - 2014-10-17 13:23 - 05185536 _____ (AVAST Software) C:\Users\Nathan\Downloads\aswMBR.exe
2014-10-17 11:59 - 2014-10-17 11:59 - 00000000 ____D () C:\ProcessExplorer
2014-10-17 10:48 - 2014-10-17 10:48 - 00003132 _____ () C:\Windows\System32\Tasks\{CD9C48B9-C5E6-4021-B365-9C0137F82437}
2014-10-17 09:31 - 2014-10-17 16:22 - 00000000 ____D () C:\FRST
2014-10-17 09:23 - 2014-10-17 16:22 - 00000000 ____D () C:\Farbar recovery
2014-10-17 09:23 - 2014-10-17 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-17 09:12 - 2014-10-17 09:19 - 00000000 ____D () C:\AdwCleaner
2014-10-17 00:07 - 2014-10-17 00:07 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 00:07 - 2014-10-17 00:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-17 00:04 - 2014-10-17 00:04 - 01976320 _____ () C:\Users\Nathan\Downloads\adwcleaner_4.000.exe
2014-10-17 00:01 - 2014-10-17 00:02 - 18550872 _____ () C:\Users\Nathan\Downloads\RogueKillerX64.exe
2014-09-22 21:37 - 2014-10-09 20:02 - 00000000 ____D () C:\CEO Energy
2014-09-22 15:51 - 2014-09-22 15:52 - 00000000 ____D () C:\PNC Bank
2014-09-20 23:27 - 2014-09-20 23:28 - 01037246 _____ () C:\Users\Nathan\Downloads\social-networks-auto-poster-facebook-twitter-g.zip
2014-09-20 17:24 - 2014-10-12 23:47 - 00000000 ____D () C:\Contemporary Medical
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-17 16:18 - 2013-05-26 11:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-17 15:57 - 2010-12-18 04:30 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000UA.job
2014-10-17 15:53 - 2014-07-01 09:54 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000.job
2014-10-17 15:49 - 2014-01-06 12:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 15:49 - 2014-01-06 12:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 14:59 - 2013-01-06 08:10 - 00007624 _____ () C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
2014-10-17 14:57 - 2010-12-18 04:30 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000Core.job
2014-10-17 11:20 - 2009-07-14 00:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 11:20 - 2009-07-14 00:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 11:16 - 2010-10-21 17:01 - 01174016 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 11:15 - 2013-02-28 17:54 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Skype
2014-10-17 11:13 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 11:13 - 2009-07-14 00:51 - 00120773 _____ () C:\Windows\setupact.log
2014-10-17 11:07 - 2011-10-27 18:10 - 00000000 ____D () C:\YIO-5
2014-10-17 09:23 - 2013-02-28 17:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-17 09:23 - 2013-02-28 17:54 - 00000000 ____D () C:\ProgramData\Skype
2014-10-17 09:23 - 2010-08-30 07:09 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-17 09:21 - 2013-09-02 23:08 - 00000000 ____D () C:\Users\Nathan\AppData\Local\AVG SafeGuard toolbar
2014-10-17 09:21 - 2010-10-21 16:58 - 00029244 _____ () C:\Windows\PFRO.log
2014-10-16 23:08 - 2013-06-10 18:00 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\FileZilla
2014-10-15 18:00 - 2014-06-20 22:43 - 00003832 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1403318590
2014-10-15 18:00 - 2014-06-20 22:43 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-15 15:12 - 2010-12-18 04:31 - 00002378 _____ () C:\Users\Nathan\Desktop\Google Chrome.lnk
2014-10-14 15:57 - 2011-02-19 21:35 - 00000000 ____D () C:\BBFOLDER
2014-10-13 20:03 - 2014-06-16 00:12 - 00000000 ____D () C:\AuthoritySites
2014-10-13 15:44 - 2010-12-18 04:16 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Adobe
2014-10-10 11:50 - 2012-09-25 15:15 - 00000000 ____D () C:\FCConcepts
2014-10-09 19:00 - 2011-05-17 18:16 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Mozilla
2014-10-08 16:40 - 2014-07-01 09:54 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000
2014-10-05 15:41 - 2013-02-13 14:10 - 00000000 ____D () C:\Charms
2014-10-03 10:29 - 2013-05-23 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-03 10:27 - 2014-02-15 00:07 - 00000000 ____D () C:\Program Files\PeerBlock
2014-10-03 01:04 - 2014-05-15 22:00 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\vlc
2014-09-28 10:58 - 2014-07-22 11:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-27 18:55 - 2014-09-13 17:39 - 00000000 ____D () C:\MasterFinance
2014-09-23 17:18 - 2013-05-26 11:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 17:18 - 2012-04-14 18:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 17:18 - 2011-05-20 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-21 19:21 - 2010-08-30 07:14 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-09-18 21:06 - 2010-08-30 06:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-18 20:41 - 2013-04-14 11:39 - 00000287 _____ () C:\Windows\wininit.ini
Files to move or delete:
====================
C:\ProgramData\nud0repor.pad
Some content of TEMP:
====================
C:\Users\Nathan\AppData\Local\Temp\2kRTPatch.EXE
C:\Users\Nathan\AppData\Local\Temp\checktbexist.exe
C:\Users\Nathan\AppData\Local\Temp\COMAP.EXE
C:\Users\Nathan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Nathan\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Nathan\AppData\Local\Temp\JavaCertDLL.dll
C:\Users\Nathan\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Nathan\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Nathan\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Nathan\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Nathan\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Nathan\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Nathan\AppData\Local\Temp\MSN22FC.exe
C:\Users\Nathan\AppData\Local\Temp\nsb64E9.exe
C:\Users\Nathan\AppData\Local\Temp\nsb7474.exe
C:\Users\Nathan\AppData\Local\Temp\nsc234D.exe
C:\Users\Nathan\AppData\Local\Temp\nscEAE9.exe
C:\Users\Nathan\AppData\Local\Temp\nsg7AFB.exe
C:\Users\Nathan\AppData\Local\Temp\nsh1736.exe
C:\Users\Nathan\AppData\Local\Temp\nsmB671.exe
C:\Users\Nathan\AppData\Local\Temp\nsn3EA9.exe
C:\Users\Nathan\AppData\Local\Temp\nsq5E90.exe
C:\Users\Nathan\AppData\Local\Temp\nsq61EB.exe
C:\Users\Nathan\AppData\Local\Temp\nsw7762.exe
C:\Users\Nathan\AppData\Local\Temp\nsxD3F6.exe
C:\Users\Nathan\AppData\Local\Temp\nsxF5C8.exe
C:\Users\Nathan\AppData\Local\Temp\oi_{D7F21A0A-4ED5-492F-B792-0DE8B07458C0}.exe
C:\Users\Nathan\AppData\Local\Temp\Quarantine.exe
C:\Users\Nathan\AppData\Local\Temp\RCClientSetup.exe
C:\Users\Nathan\AppData\Local\Temp\RCReadCookies.exe
C:\Users\Nathan\AppData\Local\Temp\SearchHelper.exe
C:\Users\Nathan\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Nathan\AppData\Local\Temp\SPSetup.exe
C:\Users\Nathan\AppData\Local\Temp\SPStub.exe
C:\Users\Nathan\AppData\Local\Temp\sqlite3.dll
C:\Users\Nathan\AppData\Local\Temp\tbMixi.dll
C:\Users\Nathan\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Nathan\AppData\Local\Temp\zlib.dll
C:\Users\Nathan\AppData\Local\Temp\_is7BA2.exe
C:\Users\Nathan\AppData\Local\Temp\_isEB38.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-17 00:42
==================== End Of Log ============================
Addition.txt
-------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Nathan at 2014-10-17 09:33:01
Running from C:\Farbar recovery
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Game Console (x32 Version: - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Add or Remove Adobe Creative Suite 3 Web Premium (HKLM-x32\...\Adobe_247961ef275e20c5cb073c36394ac32) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS3 (x32 Version: 4.1 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Web Premium (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS3 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Video Encoder (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Aircraft Bluebook (HKLM-x32\...\{3DEDE4AE-7D5C-4FE3-93B3-ACE618605B53}) (Version: 13.01.00 - Penton Media, Inc.)
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version: - )
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avidyne Entegra Freeplay Simulator (OEM) (HKLM-x32\...\Avidyne Entegra Freeplay Simulator (OEM)) (Version: - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barnes & Noble Desktop Reader (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.21 - Barnesandnoble.com)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Brackets (HKLM-x32\...\{CA6586CA-1C03-488B-B791-2A4533C1B1C6}) (Version: 0.35 - brackets.io)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
ClamWin Free Antivirus 0.98.4.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch)
Communicator (HKLM-x32\...\{6F1BF39E-E339-4F6F-B547-EDDC280F7198}) (Version: 35.7.1389 - PhoneDotCom)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
DigiGraph 2 (HKCU\...\DigiGraph 2) (Version: - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Files Compare Tool (HKLM-x32\...\{E69A76AA-71D9-4939-8EBB-8FC8BE22428D}) (Version: - )
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FreeRIP 4.0 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.0 - GreenTree Applications SRL)
Google AdWords Editor (HKLM-x32\...\{C2F536D9-91E1-4B5C-8A97-9BEB2943EFD1}) (Version: 10.4.1 - Google)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 7.0.1.1796 (HKCU\...\GoToMeeting) (Version: 7.0.1.1796 - CitrixOnline)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle)
Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
LeechFTP (HKLM-x32\...\LeechFTP) (Version: - )
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{00180409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Network Recording Player (HKLM-x32\...\{0E6B3568-2337-4429-9E14-0D9D8157D45A}) (Version: 2.23.2500 - Cisco WebEx LLC)
NinjaTrader 7 (HKLM-x32\...\{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}) (Version: 7.0.1011 - NinjaTrader)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 25.0.1614.50 (HKLM-x32\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PitchWorks remove (HKLM-x32\...\PitchWorks DX) (Version: - )
PlaneBase (HKLM-x32\...\{B9135D53-DB4B-40A6-A2DF-1ECF2BD9014F}) (Version: 2.3.14 - AIRPAC)
PlaneCD (C:\Program Files (x86)\PlaneCD\) (HKLM-x32\...\ST6UNST #2) (Version: - )
PlaneCD (HKLM-x32\...\ST6UNST #1) (Version: - )
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Programmer's Notepad 2 (HKLM-x32\...\{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1) (Version: 2.2.0.2240 - Simon Steele)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
RingCentral Call Controller (HKLM-x32\...\RingCentral) (Version: - RingCentral, Inc.)
RingCentral Softphone (HKLM-x32\...\{52F10407-8CF3-4EEB-8D4A-9AA02AE861FC}) (Version: 6.03.001.50 - RingCentral, Inc)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
TheSage (HKLM\...\TheSage) (Version: 5.1.1790 - Sequence Publishing)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSDC Free Video Editor version 2.1.9.227 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.1.9.227 - Flash-Integro LLC)
Wave Editor 3.2.1.0 (HKLM-x32\...\Wave Editor_is1) (Version: 3.2.1.0 - AbyssMedia.com)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Your Insurance Office v5.0 (HKLM-x32\...\Your Insurance Office v5.0) (Version: - )
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2014-01-25 14:23 - 00000828 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {3238AF4B-A505-4AD4-8521-548BBBDAEA76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000UA => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18] (Google Inc.)
Task: {7137B69E-153D-459D-A2AC-D0F3B8C06AC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {A3CD94F1-7D1A-4F8A-9327-3C0D84911005} - System32\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000 => C:\Users\Nathan\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe [2014-10-08] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C0A9B562-9F2E-4D17-B26D-539DCE82D1C4} - System32\Tasks\Opera scheduled Autoupdate 1403318590 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {CE719934-CFA9-4724-A575-75EC168FDC3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000Core => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18] (Google Inc.)
Task: {E6582D6F-7D0C-4FE9-8008-1A1DAD14B1E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {FA56E34E-7E2B-487E-B394-3BDC01D8A4B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000.job => C:\Users\Nathan\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000Core.job => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000UA.job => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-12-21 19:09 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-10-21 17:20 - 2010-06-09 21:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2010-06-28 18:20 - 2010-06-28 18:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 18:12 - 2010-06-28 18:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-08-30 07:36 - 2009-05-20 02:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2010-12-21 19:09 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2011-03-29 14:46 - 2005-02-08 16:23 - 00979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2011-03-29 14:46 - 2004-11-20 02:27 - 00069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2011-03-29 14:46 - 2004-10-11 19:21 - 00094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2011-03-29 14:46 - 2004-05-25 20:18 - 00057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2011-03-29 14:46 - 2004-05-25 20:18 - 00049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2011-03-29 14:46 - 2004-05-25 20:18 - 00495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2011-03-29 14:46 - 2004-05-25 20:20 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2011-03-29 14:46 - 2004-10-11 19:22 - 00315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2011-03-29 14:46 - 2004-11-20 02:27 - 00106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2011-03-29 14:46 - 2004-01-15 13:45 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2011-03-29 14:46 - 2003-10-01 12:40 - 02240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2011-03-29 14:46 - 2003-10-01 10:43 - 03239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2011-03-29 14:46 - 2003-08-10 08:14 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2011-03-29 14:46 - 2004-05-25 20:17 - 00622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2011-03-29 14:46 - 2004-05-25 20:19 - 00045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2010-12-18 18:01 - 2010-12-18 18:01 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a416e1d402c16813f1bf26e73c004049\IsdiInterop.ni.dll
2010-08-30 06:56 - 2010-04-13 12:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3965309216-3280889811-3830929852-500 - Administrator - Disabled)
Guest (S-1-5-21-3965309216-3280889811-3830929852-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3965309216-3280889811-3830929852-1002 - Limited - Enabled)
Nathan (S-1-5-21-3965309216-3280889811-3830929852-1000 - Administrator - Enabled) => C:\Users\Nathan
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/17/2014 00:45:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (10/17/2014 00:44:37 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
System errors:
=============
Error: (10/17/2014 09:22:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dritek WMI Service service terminated unexpectedly. It has done this 1 time(s).
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Acer ePower Service service terminated unexpectedly. It has done this 1 time(s).
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GREGService service terminated unexpectedly. It has done this 1 time(s).
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NTI IScheduleSvc service terminated unexpectedly. It has done this 1 time(s).
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (10/17/2014 00:45:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe
Error: (10/17/2014 00:44:37 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
CodeIntegrity Errors:
===================================
Date: 2014-02-11 21:07:16.038
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-11 21:07:16.026
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-11 21:06:39.144
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-11 21:06:39.129
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-10 22:46:47.209
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-10 22:46:47.195
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-10 22:45:55.400
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-10 22:45:55.382
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 3766.71 MB
Available physical RAM: 2217.68 MB
Total Pagefile: 7531.57 MB
Available Pagefile: 5906.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:47.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 523FFB90)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
==================== End Of Log ============================