
Please help I do not know what is going on



Hello,

Computer is an Acer Aspire 5750 running Windows 7 Home Premium

My maintenance on the computer consists of running CCleaner and Malwarebytes every other night, and Defraggler once a week.

Everything was fine until about 3-4 days ago, when I ran Malwarebytes and it suddenly froze about 4 minutes in. After that, literally everything on my computer froze. I had to do an emergency shutdown, and ever since my computer has been overheating within an hour of having it on. It can't handle even my normal college workload of playing the media player and MS Word; it takes forever to do anything really. So I'm at a loss and I really don't want to have to reboot. So please help.

I've run the DDS as you guys have asked and it will be posted next.

Edited by Maurice Naggar
emphasis added

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.17.2

Run by Trinity at 10:58:45 on 2013-05-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2181 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\iWin Games\iWinTrusted.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Launch Manager\LMutilps32.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\DOLBY PCEE4\pcee4.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://acer.msn.com

uDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{35DBCDA7-76D7-4497-93B0-376EA72DE8AF} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{35DBCDA7-76D7-4497-93B0-376EA72DE8AF}\6427F6E64796562773138373 : DHCPNameServer = 192.168.254.254

TCP: Interfaces\{35DBCDA7-76D7-4497-93B0-376EA72DE8AF}\9667977657563747 : DHCPNameServer = 8.8.8.8

TCP: Interfaces\{EC165E47-7983-45DC-B201-36594D8A9BC9} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://acer.msn.com

x64-mDefault_Page_URL = hxxp://acer.msn.com

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4

x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Trinity\AppData\Roaming\Mozilla\Firefox\Profiles\47tlmbdx.default\

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-4-6 22912]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-4-6 20328]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-4-6 62584]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-1 353360]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2013-3-5 873064]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-6 13336]

R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2013-4-22 255376]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-5 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-5 701512]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-2-15 257344]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-5 2656280]

R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]

R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]

R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-1-19 52264]

R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-6 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-1-17 412712]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-5 25928]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-10 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-05-16 15:42:28 -------- d-----w- C:\ProgramData\PrevxCSI

2013-05-16 13:09:37 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{260B7FEB-9DD9-4BB5-85FF-D08AEF74A49A}\mpengine.dll

2013-05-16 12:38:30 -------- d-----w- C:\18c9759adbc9954f12

2013-05-16 12:38:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-16 12:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-15 18:49:50 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-10 14:48:21 -------- d-----w- C:\Users\Trinity\AppData\Roaming\Mobipocket

2013-05-10 14:45:18 -------- d-----w- C:\Program Files (x86)\Mobipocket.com

2013-05-07 19:11:53 -------- d-----w- C:\Users\Trinity\AppData\Local\Macromedia

2013-05-07 19:10:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-07 19:10:55 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-07 18:55:12 -------- d-----w- C:\Users\Trinity\AppData\Local\{8D8669B4-799C-42F5-81D1-CAF93E46BAA5}

2013-05-07 18:55:11 -------- d-----w- C:\Users\Trinity\AppData\Local\{8A8EA87C-DFC7-48E2-9C22-B4B33EB59B7E}

2013-05-07 18:54:59 -------- d-----w- C:\Users\Trinity\AppData\Roaming\Windows Live Writer

2013-05-07 18:54:59 -------- d-----w- C:\Users\Trinity\AppData\Local\Windows Live Writer

2013-05-04 17:34:23 -------- d-----w- C:\Users\Trinity\AppData\Local\Chromium

2013-05-04 17:31:15 -------- d-----w- C:\Users\Trinity\AppData\Local\The Lord of the Rings Online

2013-05-04 17:19:16 -------- d-----w- C:\Users\Trinity\AppData\Local\Turbine

2013-05-04 17:16:52 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll

2013-05-04 17:16:28 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll

2013-05-04 17:16:26 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2013-05-04 17:16:25 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll

2013-05-04 17:15:43 -------- d-----w- C:\Users\Trinity\AppData\Local\ApplicationHistory

2013-05-04 17:14:38 -------- d-----w- C:\Windows\SysWow64\URTTEMP

2013-05-04 17:13:03 -------- d-----w- C:\ProgramData\Turbine

2013-05-04 17:12:53 -------- d-----w- C:\ProgramData\HappyCloud

2013-04-28 20:30:03 -------- d-----w- C:\Users\Trinity\AppData\Local\2DBoy

2013-04-28 20:30:03 -------- d-----w- C:\ProgramData\2DBoy

2013-04-24 01:05:58 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-23 03:52:36 0 ----a-w- C:\Windows\SysWow64\shoE84B.tmp

2013-04-23 03:30:01 -------- d-----w- C:\Program Files (x86)\Launch Manager

2013-04-23 00:16:47 -------- d-----w- C:\Users\Trinity\AppData\Local\ElevatedDiagnostics

2013-04-22 21:33:13 -------- d-----w- C:\ProgramData\Acer

2013-04-22 19:45:41 -------- d-----w- C:\Users\Trinity\AppData\Roaming\EscapeFromParadise2

2013-04-21 22:23:31 -------- d-----w- C:\Users\Trinity\AppData\Roaming\qBittorrent

2013-04-21 22:23:03 -------- d-----w- C:\Users\Trinity\AppData\Roaming\Easy BitTorrent Client

2013-04-21 22:23:03 -------- d-----w- C:\Users\Trinity\AppData\Local\Easy BitTorrent Client

2013-04-21 12:24:06 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin

2013-04-20 18:13:54 -------- d-----w- C:\Games

2013-04-20 13:01:09 -------- d-----w- C:\Program Files (x86)\iWin.com

2013-04-20 13:00:12 -------- d-----w- C:\ProgramData\iWin Games

2013-04-20 13:00:03 -------- d-----w- C:\Program Files (x86)\iWin Games

2013-04-18 16:45:55 -------- d-----w- C:\Users\Trinity\AppData\Roaming\runic games

2013-04-18 16:38:43 -------- d-----w- C:\Users\Trinity\AppData\Roaming\Namco

2013-04-17 20:19:57 -------- d-----w- C:\Users\Trinity\AppData\Local\Grubby Games

2013-04-17 20:18:31 -------- d-----w- C:\ProgramData\Big Fish Games

2013-04-17 20:17:41 -------- d-----w- C:\BigFishGamesCache

.

==================== Find3M ====================

.

2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-23 03:28:47 281680 ----a-w- C:\Windows\UNINSTLMv4.EXE

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-06 03:51:31 963488 ----a-w- C:\Windows\System32\deployJava1.dll

2013-03-06 03:51:31 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-03-06 03:51:31 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-03-06 03:50:25 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-06 03:50:25 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-06 03:50:25 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe

2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

.

============= FINISH: 10:59:14.15 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/4/2013 10:39:33 PM

System Uptime: 5/16/2013 10:36:50 AM (0 hours ago)

.

Motherboard: Acer | | JE50_HR

Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU1 | 2001/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 581 GiB total, 522.967 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

A Magnetic Adventure

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Digital Editions 2.0

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.1 MUI

Agatha Christie - 4:50 from Paddington

Backup Manager V3

Bee Garden

Bejeweled 2 Deluxe

Broadcom Card Reader Driver Installer

Broadcom Gigabit NetLink Controller

Buccaneer

Build-a-lot

Build-a-lot 2

CCleaner

Chuzzle Deluxe

clear.fi

clear.fi Client

Cute Knight

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Defraggler

Diner Dash 2 Restaurant Rescue

Dolby Advanced Audio v2

Dora's World Adventure

Dream Builder: Amusement Park

Escape from Paradise 2 - A Kingdoms Quest

FATE - The Traitor Soul

Final Drive: Nitro

Galerie de photos Windows Live

Google Chrome

Google Update Helper

Haiku Journey

Happy Cloud Client

Identity Card

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Monitor 2.0

iWin Games (remove only)

Java 7 Update 17

Java 7 Update 17 (64-bit)

Java Auto Updater

Jewel Quest Heritage

Jojo's Fashion Show World Tour

Junk Mail filter update

K-Lite Codec Pack 8.7.0 (Full)

Launch Manager

Malwarebytes Anti-Malware version 1.75.0.1300

Master of Alchemy

Matches and Matrimony

Mesh Runtime

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Starter 2010 - English

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mobipocket Reader 6.2

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Mystery P.I. - Stolen in San Francisco

MyWinLocker

MyWinLocker 4

MyWinLocker Suite

Namco All-Stars: PAC-MAN

NTI Media Maker 9

Penguins!

Plants vs. Zombies - Game of the Year

Poker Superstars III

Polar Bowler

Polar Golfer

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shaman Odyssey - Tropic Adventure

Shredder

Snapshot Adventures

Speccy

Spellagories

Synaptics Pointing Device Driver

Tasty Planet

Tasty Planet: Back for Seconds

Teddy Factory

The Lord of the Rings Online

Torchlight

Totem Tribe

Tradewinds

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update Installer for WildTangent Games App

VC80CRTRedist - 8.0.50727.6195

Virtual Families

Virtual Families 2

Virtual Villagers 4 - The Tree of Life

Virtual Villagers 5 - New Believers

Welcome Center

WildTangent Games

WildTangent Games App

WildTangent Games App (Acer Games)

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

World of Goo

ZoomBook - The Temple of the Sun

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

5/9/2013 8:44:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

5/9/2013 8:44:15 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/9/2013 8:43:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

5/9/2013 8:43:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

5/9/2013 8:42:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.

5/9/2013 8:41:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

5/9/2013 8:40:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

5/9/2013 8:39:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

5/16/2013 8:04:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2804576).

5/16/2013 7:59:40 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

5/16/2013 7:53:53 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

5/10/2013 7:56:46 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

.

==== End Of File ===========================


Hello SableR and welcome to MalwareBytes forum.

You appear to have been overlooked because you made 3 successive posts in a row, without waiting for the 1st response from an authorized helper.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Disconnect any external storage drives from the computer.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

OR, if you have the Windows OS DVD, to enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • Now, plug the flash drive with the FRST tool into the PC.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Alright, this is what that gave me (not that I understand any of it lol):

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-05-2013 01

Ran by SYSTEM on 23-05-2013 09:59:40

Running from G:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-10-08] ()

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2189416 2011-03-08] (Realtek Semiconductor)

HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)

HKLM-x32\...\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340336 2010-09-27] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-09-17] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-09-17] (Egis Technology Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-02-15] (NTI Corporation)

HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-02-03] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2013-04-22] (Dritek System Inc.)

HKU\Default\...\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} [x]

HKU\Default User\...\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} [x]

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-23 09:59 - 2013-05-23 09:59 - 00000000 ____D C:\FRST

2013-05-23 06:46 - 2013-05-23 06:46 - 01878472 ____A (Farbar) C:\Users\Trinity\Downloads\FRST64.exe

2013-05-23 06:37 - 2013-05-23 06:37 - 00295144 ____A C:\Users\Trinity\Downloads\American Harry Prequel 40.htm

2013-05-23 06:36 - 2013-05-23 06:36 - 00000813 ____A C:\Users\Trinity\Downloads\Chapter 25 Temp Review Responses.txt

2013-05-21 04:45 - 2013-05-21 11:56 - 00000000 ____D C:\Users\Trinity\Desktop\Manga

2013-05-20 16:33 - 2013-05-20 16:33 - 01858040 ____A (Coupons.com Incorporated) C:\Users\Trinity\Downloads\CouponPrinter.exe

2013-05-20 04:09 - 2013-05-20 04:11 - 00000000 ____D C:\5c38e8688987a12b88722c5948

2013-05-19 05:02 - 2013-05-19 05:06 - 00000000 ____D C:\d2f3026c5dce386e2deb51

2013-05-16 16:56 - 2013-05-16 16:56 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-16 16:56 - 2013-05-16 16:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-16 16:56 - 2013-04-04 11:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-05-16 16:55 - 2013-05-16 16:55 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Trinity\Downloads\mbam-setup-1.75.0.1300.exe

2013-05-16 09:26 - 2013-05-16 09:26 - 00000000 ____D C:\Users\Trinity\AppData\Roaming\dingogames

2013-05-16 09:26 - 2013-05-16 09:26 - 00000000 ____D C:\ProgramData\dingogames

2013-05-16 07:59 - 2013-05-16 07:59 - 00022211 ____A C:\Users\Trinity\Desktop\dds.txt

2013-05-16 07:59 - 2013-05-16 07:59 - 00009745 ____A C:\Users\Trinity\Desktop\attach.txt

2013-05-16 07:57 - 2013-05-16 07:57 - 00688992 ____R (Swearware) C:\Users\Trinity\Desktop\dds.com

2013-05-16 07:42 - 2013-05-16 07:42 - 00945272 ____A (Prevx) C:\Users\Trinity\Downloads\prevxcsibus.exe

2013-05-16 07:42 - 2013-05-16 07:42 - 00945272 ____A (Prevx) C:\Users\Trinity\Downloads\717D47915A5042389969.EXE

2013-05-16 07:42 - 2013-05-16 07:42 - 00000052 ____A C:\Windows\wininit.ini

2013-05-16 07:42 - 2013-05-16 07:42 - 00000000 ____D C:\ProgramData\PrevxCSI

2013-05-16 07:25 - 2013-05-16 16:59 - 00000168 ____A C:\Windows\setupact.log

2013-05-16 07:25 - 2013-05-16 07:25 - 00000000 ____A C:\Windows\setuperr.log

2013-05-16 07:22 - 2013-05-16 07:23 - 00014086 ____A C:\Users\Trinity\Desktop\cc_20130516_102208.reg

2013-05-16 04:38 - 2013-05-16 04:38 - 00000000 ____D C:\18c9759adbc9954f12

2013-05-16 04:38 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-16 04:38 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 04:38 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-16 04:38 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-16 04:37 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-16 04:37 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-16 04:37 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-16 04:37 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-16 04:37 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-16 04:37 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-16 04:37 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-16 04:37 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-16 04:37 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-16 04:37 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-16 04:37 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-16 04:37 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-16 04:37 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-16 04:37 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-16 04:37 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-16 04:37 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-16 04:37 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-16 04:37 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-16 04:37 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-16 04:37 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-16 04:37 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-16 04:37 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-16 04:37 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-16 04:37 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-16 04:37 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-16 04:37 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-16 04:37 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-16 04:37 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-15 10:49 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-15 10:49 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-15 10:49 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 10:49 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 10:49 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-15 10:49 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-15 10:49 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-15 10:49 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-15 10:49 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-15 10:49 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-15 10:49 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-15 10:49 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-15 10:49 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-15 10:49 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-05-12 10:08 - 2013-05-12 10:08 - 00004258 ____A C:\Users\School\Downloads\Heather's First Draft

2013-05-10 06:48 - 2013-05-10 07:10 - 00000000 ____D C:\Users\Trinity\AppData\Roaming\Mobipocket

2013-05-10 06:48 - 2013-05-10 06:48 - 00282293 ____A C:\Users\Trinity\Downloads\last mercenary the - diana palmer.mobi

2013-05-10 06:48 - 2013-05-10 06:48 - 00000000 ____D C:\Users\Trinity\Documents\My eBooks

2013-05-10 06:45 - 2013-05-10 06:45 - 00003083 ____A C:\Users\Trinity\Desktop\Mobipocket Reader.lnk

2013-05-10 06:45 - 2013-05-10 06:45 - 00000000 ____D C:\Program Files (x86)\Mobipocket.com

2013-05-10 06:44 - 2013-05-10 06:44 - 05606400 ____A C:\Users\Trinity\Downloads\mobireadersetup.msi

2013-05-10 06:42 - 2013-05-10 06:44 - 23407736 ____A ( ) C:\Users\Trinity\Downloads\setup.exe

2013-05-09 20:31 - 2013-05-13 16:37 - 00000000 ____D C:\Users\Trinity\Documents\New folder

2013-05-09 20:30 - 2013-05-09 20:30 - 00138421 ____A C:\Users\Trinity\Downloads\Next I go to Seven Gates.html

2013-05-09 20:30 - 2013-05-09 20:30 - 00034401 ____A C:\Users\Trinity\Downloads\In the Springtime of His.mobi

2013-05-07 11:11 - 2013-05-07 11:11 - 00000000 ____D C:\Users\Trinity\AppData\Local\Macromedia

2013-05-07 11:10 - 2013-05-07 11:10 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-07 11:10 - 2013-05-07 11:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-07 11:10 - 2013-05-07 11:10 - 00000000 ____D C:\Windows\System32\Macromed

2013-05-07 11:09 - 2013-05-07 11:09 - 00001155 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-05-07 11:09 - 2013-05-07 11:09 - 00000000 ____D C:\Users\Trinity\AppData\Roaming\Mozilla

2013-05-07 11:09 - 2013-05-07 11:09 - 00000000 ____D C:\Users\Trinity\AppData\Local\Mozilla

2013-05-07 11:09 - 2013-05-07 11:09 - 00000000 ____D C:\ProgramData\Mozilla

2013-05-07 11:09 - 2013-05-07 11:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-05-07 11:09 - 2013-05-07 11:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-07 11:08 - 2013-05-07 11:08 - 21036128 ____A (Mozilla) C:\Users\Trinity\Downloads\Firefox Setup 20.0.1.exe

2013-05-07 10:55 - 2013-05-07 10:55 - 00000000 ____D C:\Users\Trinity\AppData\Local\{8D8669B4-799C-42F5-81D1-CAF93E46BAA5}

2013-05-07 10:55 - 2013-05-07 10:55 - 00000000 ____D C:\Users\Trinity\AppData\Local\{8A8EA87C-DFC7-48E2-9C22-B4B33EB59B7E}

2013-05-07 10:54 - 2013-05-07 10:55 - 00000000 ____D C:\Users\Trinity\AppData\Local\Windows Live Writer

2013-05-07 10:54 - 2013-05-07 10:54 - 00000000 ____D C:\Users\Trinity\AppData\Roaming\Windows Live Writer

2013-05-04 09:34 - 2013-05-04 09:34 - 00000000 ____D C:\Users\Trinity\AppData\Local\Chromium

2013-05-04 09:31 - 2013-05-04 09:31 - 00000000 ____D C:\Users\Trinity\AppData\Local\The Lord of the Rings Online

2013-05-04 09:21 - 2013-05-04 09:21 - 00000095 ____A C:\Users\Trinity\AppData\Local\fusioncache.dat

2013-05-04 09:19 - 2013-05-04 15:49 - 00002049 ____A C:\Users\Trinity\Desktop\The Lord of the Rings Online™.lnk

2013-05-04 09:19 - 2013-05-04 09:48 - 00000000 ____D C:\Users\Trinity\Documents\The Lord of the Rings Online

2013-05-04 09:19 - 2013-05-04 09:22 - 00000000 ____D C:\Users\Trinity\AppData\Local\Turbine

2013-05-04 09:16 - 2009-09-04 14:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2013-05-04 09:16 - 2009-09-04 14:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2013-05-04 09:16 - 2009-09-04 14:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

2013-05-04 09:16 - 2007-03-12 13:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll

2013-05-04 09:13 - 2013-05-04 09:13 - 00000000 ____D C:\ProgramData\Turbine

2013-05-04 09:12 - 2013-05-13 08:40 - 00000000 ____D C:\ProgramData\HappyCloud

2013-05-04 09:12 - 2013-05-04 09:12 - 04010432 ____A C:\Users\Trinity\Downloads\LOTROProgressive_1.368.exe

2013-05-03 02:55 - 2013-05-03 02:55 - 00000000 ____D C:\Users\School\AppData\Roaming\Malwarebytes

2013-05-02 06:32 - 2013-05-02 06:32 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-28 18:53 - 2013-04-28 18:53 - 00001650 ____A C:\Users\School\Desktop\URLLink.acsm

2013-04-28 12:30 - 2013-04-28 12:30 - 00000000 ____D C:\Users\Trinity\AppData\Local\2DBoy

2013-04-28 12:30 - 2013-04-28 12:30 - 00000000 ____D C:\ProgramData\2DBoy

2013-04-28 11:44 - 2013-04-28 11:45 - 06640101 ____A C:\Users\School\Desktop\Climate Change-HeatherHeath.pptx

2013-04-27 11:45 - 2013-04-27 11:45 - 00000000 ____D C:\ProgramData\PlayFirst

2013-04-27 10:09 - 2013-04-27 10:09 - 00001392 ____A C:\Users\School\Downloads\AFA2.tmp

2013-04-27 09:45 - 2013-04-28 18:54 - 00000000 ____D C:\Users\School\Documents\My Digital Editions

2013-04-27 09:45 - 2013-04-27 09:45 - 00000000 ____D C:\Users\School\AppData\Local\Adobe_Systems_Incorporate

2013-04-24 12:47 - 2013-04-24 12:47 - 00000000 ____D C:\Users\Trinity\Documents\Master of Alchemy

2013-04-23 17:05 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-23 09:59 - 2013-05-23 09:59 - 00000000 ____D C:\FRST

2013-05-23 06:56 - 2013-03-04 21:51 - 01184877 ____A C:\Windows\WindowsUpdate.log

2013-05-23 06:51 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-23 06:51 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-23 06:46 - 2013-05-23 06:46 - 01878472 ____A (Farbar) C:\Users\Trinity\Downloads\FRST64.exe

2013-05-23 06:37 - 2013-05-23 06:37 - 00295144 ____A C:\Users\Trinity\Downloads\American Harry Prequel 40.htm

2013-05-23 06:36 - 2013-05-23 06:36 - 00000813 ____A C:\Users\Trinity\Downloads\Chapter 25 Temp Review Responses.txt

2013-05-23 06:27 - 2013-03-05 14:17 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-22 13:58 - 2013-03-04 19:39 - 00000000 ____D C:\Users\Trinity\AppData\Local\Windows Live

2013-05-22 07:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-05-21 11:56 - 2013-05-21 04:45 - 00000000 ____D C:\Users\Trinity\Desktop\Manga

2013-05-21 08:34 - 2009-07-13 21:13 - 00733930 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-20 18:27 - 2013-03-05 14:17 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-20 16:33 - 2013-05-20 16:33 - 01858040 ____A (Coupons.com Incorporated) C:\Users\Trinity\Downloads\CouponPrinter.exe

2013-05-20 04:11 - 2013-05-20 04:09 - 00000000 ____D C:\5c38e8688987a12b88722c5948

2013-05-19 05:06 - 2013-05-19 05:02 - 00000000 ____D C:\d2f3026c5dce386e2deb51

2013-05-16 17:53 - 2013-03-06 14:57 - 00002792 ____A C:\Users\Trinity\Desktop\vba.ini

2013-05-16 17:00 - 2013-03-05 14:16 - 00000000 ____D C:\ProgramData\clear.fi

2013-05-16 16:59 - 2013-05-16 07:25 - 00000168 ____A C:\Windows\setupact.log

2013-05-16 16:59 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-16 16:56 - 2013-05-16 16:56 - 00001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-16 16:56 - 2013-05-16 16:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-16 16:55 - 2013-05-16 16:55 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Trinity\Downloads\mbam-setup-1.75.0.1300.exe

2013-05-16 09:26 - 2013-05-16 09:26 - 00000000 ____D C:\Users\Trinity\AppData\Roaming\dingogames

2013-05-16 09:26 - 2013-05-16 09:26 - 00000000 ____D C:\ProgramData\dingogames

2013-05-16 07:59 - 2013-05-16 07:59 - 00022211 ____A C:\Users\Trinity\Desktop\dds.txt

2013-05-16 07:59 - 2013-05-16 07:59 - 00009745 ____A C:\Users\Trinity\Desktop\attach.txt

2013-05-16 07:57 - 2013-05-16 07:57 - 00688992 ____R (Swearware) C:\Users\Trinity\Desktop\dds.com

2013-05-16 07:42 - 2013-05-16 07:42 - 00945272 ____A (Prevx) C:\Users\Trinity\Downloads\prevxcsibus.exe

2013-05-16 07:42 - 2013-05-16 07:42 - 00945272 ____A (Prevx) C:\Users\Trinity\Downloads\717D47915A5042389969.EXE

2013-05-16 07:42 - 2013-05-16 07:42 - 00000052 ____A C:\Windows\wininit.ini

2013-05-16 07:42 - 2013-05-16 07:42 - 00000000 ____D C:\ProgramData\PrevxCSI

2013-05-16 07:25 - 2013-05-16 07:25 - 00000000 ____A C:\Windows\setuperr.log

2013-05-16 07:25 - 2009-07-13 20:45 - 00429208 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-16 07:23 - 2013-05-16 07:22 - 00014086 ____A C:\Users\Trinity\Desktop\cc_20130516_102208.reg

2013-05-16 07:23 - 2013-04-11 17:01 - 00000000 ____D C:\Users\Trinity\AppData\Roaming\Media Player Classic

2013-05-16 05:06 - 2013-03-28 07:01 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-05-16 05:04 - 2013-04-22 13:43 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-16 04:38 - 2013-05-16 04:38 - 00000000 ____D C:\18c9759adbc9954f12

2013-05-13 16:37 - 2013-05-09 20:31 - 00000000 ____D C:\Users\Trinity\Documents\New folder

2013-05-13 11:33 - 2013-03-10 08:56 - 00000000 ____D C:\Users\School\Desktop\Sociology

2013-05-13 09:19 - 2013-04-11 03:58 - 00000000 ____D C:\Users\Trinity\AppData\Roaming\SoftGrid Client

2013-05-13 08:40 - 2013-05-04 09:12 - 00000000 ____D C:\ProgramData\HappyCloud

2013-05-12 14:30 - 2013-03-10 08:55 - 00000000 ____D C:\Users\School\AppData\Roaming\SoftGrid Client

2013-05-12 10:49 - 2013-03-10 08:56 - 00000000 ____D C:\Users\School\Desktop\English

2013-05-12 10:08 - 2013-05-12 10:08 - 00004258 ____A C:\Users\School\Downloads\Heather's First Draft

2013-05-11 16:33 - 2013-03-05 20:39 - 00000000 ____D C:\Users\Trinity\Desktop\VisualBoyAdvance-1.7.2

2013-05-10 07:10 - 2013-05-10 06:48 - 00000000 ____D C:\Users\Trinity\AppData\Roaming\Mobipocket

2013-05-10 06:48 - 2013-05-10 06:48 - 00282293 ____A C:\Users\Trinity\Downloads\last mercenary the - diana palmer.mobi

2013-05-10 06:48 - 2013-05-10 06:48 - 00000000 ____D C:\Users\Trinity\Documents\My eBooks

2013-05-10 06:45 - 2013-05-10 06:45 - 00003083 ____A C:\Users\Trinity\Desktop\Mobipocket Reader.lnk

2013-05-10 06:45 - 2013-05-10 06:45 - 00000000 ____D C:\Program Files (x86)\Mobipocket.com

2013-05-10 06:44 - 2013-05-10 06:44 - 05606400 ____A C:\Users\Trinity\Downloads\mobireadersetup.msi

2013-05-10 06:44 - 2013-05-10 06:42 - 23407736 ____A ( ) C:\Users\Trinity\Downloads\setup.exe

2013-05-09 20:30 - 2013-05-09 20:30 - 00138421 ____A C:\Users\Trinity\Downloads\Next I go to Seven Gates.html

2013-05-09 20:30 - 2013-05-09 20:30 - 00034401 ____A C:\Users\Trinity\Downloads\In the Springtime of His.mobi

2013-05-07 11:11 - 2013-05-07 11:11 - 00000000 ____D C:\Users\Trinity\AppData\Local\Macromedia

2013-05-07 11:11 - 2011-04-06 12:57 - 00000000 ____D C:\ProgramData\Adobe

2013-05-07 11:10 - 2013-05-07 11:10 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-07 11:10 - 2013-05-07 11:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-07 11:10 - 2013-05-07 11:10 - 00000000 ____D C:\Windows\System32\Macromed

2013-05-07 11:09 - 2013-05-07 11:09 - 00001155 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-05-07 11:09 - 2013-05-07 11:09 - 00000000 ____D C:\Users\Trinity\AppData\Roaming\Mozilla

2013-05-07 11:09 - 2013-05-07 11:09 - 00000000 ____D C:\Users\Trinity\AppData\Local\Mozilla

2013-05-07 11:09 - 2013-05-07 11:09 - 00000000 ____D C:\ProgramData\Mozilla

2013-05-07 11:09 - 2013-05-07 11:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-05-07 11:09 - 2013-05-07 11:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-07 11:08 - 2013-05-07 11:08 - 21036128 ____A (Mozilla) C:\Users\Trinity\Downloads\Firefox Setup 20.0.1.exe

2013-05-07 10:55 - 2013-05-07 10:55 - 00000000 ____D C:\Users\Trinity\AppData\Local\{8D8669B4-799C-42F5-81D1-CAF93E46BAA5}

2013-05-07 10:55 - 2013-05-07 10:55 - 00000000 ____D C:\Users\Trinity\AppData\Local\{8A8EA87C-DFC7-48E2-9C22-B4B33EB59B7E}

2013-05-07 10:55 - 2013-05-07 10:54 - 00000000 ____D C:\Users\Trinity\AppData\Local\Windows Live Writer

2013-05-07 10:54 - 2013-05-07 10:54 - 00000000 ____D C:\Users\Trinity\AppData\Roaming\Windows Live Writer

2013-05-05 13:36 - 2013-05-16 04:38 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-05 13:16 - 2013-05-16 04:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-05 11:25 - 2013-05-16 04:38 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-05 11:12 - 2013-05-16 04:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-04 15:49 - 2013-05-04 09:19 - 00002049 ____A C:\Users\Trinity\Desktop\The Lord of the Rings Online™.lnk

2013-05-04 09:48 - 2013-05-04 09:19 - 00000000 ____D C:\Users\Trinity\Documents\The Lord of the Rings Online

2013-05-04 09:34 - 2013-05-04 09:34 - 00000000 ____D C:\Users\Trinity\AppData\Local\Chromium

2013-05-04 09:31 - 2013-05-04 09:31 - 00000000 ____D C:\Users\Trinity\AppData\Local\The Lord of the Rings Online

2013-05-04 09:22 - 2013-05-04 09:19 - 00000000 ____D C:\Users\Trinity\AppData\Local\Turbine

2013-05-04 09:21 - 2013-05-04 09:21 - 00000095 ____A C:\Users\Trinity\AppData\Local\fusioncache.dat

2013-05-04 09:15 - 2013-03-10 08:54 - 00756952 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-05-04 09:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-05-04 09:13 - 2013-05-04 09:13 - 00000000 ____D C:\ProgramData\Turbine

2013-05-04 09:12 - 2013-05-04 09:12 - 04010432 ____A C:\Users\Trinity\Downloads\LOTROProgressive_1.368.exe

2013-05-03 02:55 - 2013-05-03 02:55 - 00000000 ____D C:\Users\School\AppData\Roaming\Malwarebytes

2013-05-02 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-05-02 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-05-02 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-05-02 15:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-05-02 06:32 - 2013-05-02 06:32 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-02 06:32 - 2013-05-02 06:32 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-01 23:06 - 2010-11-20 19:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-04-28 18:54 - 2013-04-27 09:45 - 00000000 ____D C:\Users\School\Documents\My Digital Editions

2013-04-28 18:53 - 2013-04-28 18:53 - 00001650 ____A C:\Users\School\Desktop\URLLink.acsm

2013-04-28 12:30 - 2013-04-28 12:30 - 00000000 ____D C:\Users\Trinity\AppData\Local\2DBoy

2013-04-28 12:30 - 2013-04-28 12:30 - 00000000 ____D C:\ProgramData\2DBoy

2013-04-28 11:45 - 2013-04-28 11:44 - 06640101 ____A C:\Users\School\Desktop\Climate Change-HeatherHeath.pptx

2013-04-27 11:45 - 2013-04-27 11:45 - 00000000 ____D C:\ProgramData\PlayFirst

2013-04-27 11:45 - 2013-04-05 16:09 - 00000000 ____D C:\Users\Trinity\AppData\Roaming\PlayFirst

2013-04-27 10:20 - 2013-04-07 08:29 - 00000000 ____D C:\Users\School\AppData\Local\Microsoft Help

2013-04-27 10:09 - 2013-04-27 10:09 - 00001392 ____A C:\Users\School\Downloads\AFA2.tmp

2013-04-27 09:48 - 2013-03-10 08:48 - 00000000 ____D C:\Users\School\AppData\Roaming\Adobe

2013-04-27 09:45 - 2013-04-27 09:45 - 00000000 ____D C:\Users\School\AppData\Local\Adobe_Systems_Incorporate

2013-04-24 12:47 - 2013-04-24 12:47 - 00000000 ____D C:\Users\Trinity\Documents\Master of Alchemy

2013-04-24 04:28 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini

2013-04-23 13:57 - 2013-03-17 15:56 - 00000000 ____D C:\Users\Trinity\Desktop\Books

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-22 07:06:57

==================== Memory info ===========================

Percentage of memory in use: 17%

Total physical RAM: 3947.86 MB

Available physical RAM: 3262.58 MB

Total Pagefile: 3946.06 MB

Available Pagefile: 3248.07 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:581.07 GB) (Free:520.78 GB) NTFS (Disk=0 Partition=3)

Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:3.28 GB) NTFS (Disk=0 Partition=1)

Drive g: () (Removable) (Total:14.9 GB) (Free:2.82 GB) FAT32 (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: E01C059E)

Partition 1: (Not Active) - (Size=15 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

Last Boot: 2013-05-04 16:51

==================== End Of Log ============================


You mentioned computer has had "overheating" issues. Be very aware that overheating is a severe enemy of your hardware and must be addressed and cured by you.

If this is a Desktop system, look very closely at the air vent in back and make sure there is no gunk or dust or foreign debris. Vacuum off any such debris, first making sure you have powered off the pc beforehand.

If this is a notebook, let me know that too, and make sure the vents are free of foreign objects, dust, etc and in the case of notebooks, consider getting a "hardware cooler" like those by Targus. Those go under the notebook and have extra fans for ventilation.

Make sure your room has enough free space around your pc for air circulation and that the temperature is reasonable.

2

Kindly tell me why it appears that this pc has no Antivirus program installed and running. Having an Antivirus is a must have.

3

There does not appear to be obvious/visible malware, but there are 2 utility items which can be removed from auto-starting with each Windows startup.

Please carefully follow this procedure

Please download the attached fixlist.txt and SAVE / copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on this particular system. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your next reply.

4

Next, remove the flash-USB drive, plus any other external storage drive, and restart Windows fresh into normal mode.

  • Download & SAVE to your Desktop Tigzy's RogueKiller >> from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • When prompted to accept the EULA, please do so.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Fixlist.txt


1: Yes, this is a laptop; it's an Acer Aspire 5750 model. I will consider getting my computer a cooling system like the one you suggested; for right now I got a stool with a screen-like top I can use as a table, that way it has plenty of ventilation. I also used some Q-tips and cleaned the vents.

2. Because last time I had a problem I went to my brother to fix it (he owns and runs some servers) and left it with him overnight. He basically hard wiped the thing and told me that it was the antivirus causing the problems, then he installed a program called Speccy and gave me these instructions here [Do not touch Speccy that is so I can check your system performance and issues quickly next time. Moving on, run MBAM at least once a week, run Defraggler at least once every two weeks pending usage, and run CCleaner at least once every two weeks as well.] and told me I should be fine from there on out. A month or so later and these problems start happening, short to say I will not be going back to him again. If there are any antivirus programs that a person with little to no money can use then please feel free to suggest it.

Here are the reports you asked for:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-05-2013 01

Ran by SYSTEM at 2013-05-23 12:47:15 Run:1

Running from G:\

Boot Mode: Recovery

==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.

==== End of Fixlog ====

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Trinity [Admin rights]

Mode : Scan -- Date : 05/23/2013 12:50:06

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-22HXZT1 +++++

--- User ---

[MBR] e86b244933ef60bf832a248c64bc5e1a

[bSP] 745cb106adff39d6143c794484175a77 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 595018 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05232013_02d1250.txt >>

RKreport[1]_S_05232013_02d1250.txt


That was a good run with FRST. The Roguekiller report is good, as well.

Just so you know, Speccy is a good diagnostic tool.

If this pc does not have an antivirus, then you must get one. If cost is an issue, there are some free ones you can get.

Download and install an antivirus program, and make sure that you keep it updated.

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials.

Choose one of them.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

NEXT:

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista, or Windows 7 or 8 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Never mind, if it wasn't safe with it you wouldn't have suggested it.

Here are the reports in order

OTL logfile created on: 5/23/2013 2:45:07 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trinity\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 60.42% Memory free

7.71 Gb Paging File | 5.84 Gb Available in Paging File | 75.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581.07 Gb Total Space | 520.67 Gb Free Space | 89.60% Space Free | Partition Type: NTFS

Computer Name: ASYLUM | User Name: Trinity | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/23 14:44:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trinity\Downloads\OTL.exe

PRC - [2013/05/23 14:36:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2013/05/23 14:35:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2013/05/23 14:35:55 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2013/04/22 22:28:45 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe

PRC - [2013/04/22 22:28:45 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2013/04/22 22:28:43 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2013/04/22 22:28:43 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2013/04/09 03:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe

PRC - [2011/02/22 13:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

PRC - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

PRC - [2011/02/15 13:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

PRC - [2011/02/15 13:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

PRC - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/09/27 21:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

PRC - [2010/09/17 18:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

PRC - [2010/09/17 18:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/09/13 20:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/04/26 21:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/16 07:56:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll

MOD - [2013/05/16 07:56:40 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll

MOD - [2013/05/16 07:56:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll

MOD - [2013/04/09 03:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll

MOD - [2013/04/09 03:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll

MOD - [2013/04/09 03:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll

MOD - [2013/04/09 03:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll

MOD - [2013/04/09 03:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll

MOD - [2013/03/13 21:39:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013/03/13 21:39:06 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll

MOD - [2013/03/13 21:39:04 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll

MOD - [2013/03/13 21:38:56 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/03/13 21:38:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/03/13 17:13:28 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/03/13 17:13:19 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2011/02/22 13:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

MOD - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

MOD - [2011/02/15 13:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)

SRV:64bit: - [2011/02/23 00:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2010/10/08 05:24:16 | 000,150,016 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/05/23 14:36:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2013/05/23 14:35:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2013/04/22 22:28:43 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2013/04/10 01:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/03/05 01:07:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)

SRV - [2011/02/15 13:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/09/27 20:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)

SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/23 14:37:16 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2013/05/23 14:37:16 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2013/05/23 14:37:16 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/04/06 15:55:03 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2011/04/06 15:55:03 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2011/04/06 15:55:03 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2011/03/25 20:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)

DRV:64bit: - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)

DRV:64bit: - [2011/01/19 22:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)

DRV:64bit: - [2011/01/17 17:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2011/01/13 20:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/09 05:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/15 03:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/10/08 05:23:38 | 000,019,192 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/09/30 00:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/09/30 00:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/07/29 08:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/07 14:09:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/05/07 14:09:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trinity\AppData\Roaming\Mozilla\Extensions

[2013/05/07 14:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/04/10 01:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/04/10 01:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/04/10 01:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - Extension: Adblock Plus = C:\Users\Trinity\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35DBCDA7-76D7-4497-93B0-376EA72DE8AF}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC165E47-7983-45DC-B201-36594D8A9BC9}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{521b7300-8601-11e2-9b6a-b870f48fb9d4}\Shell - "" = AutoRun

O33 - MountPoints2\{521b7300-8601-11e2-9b6a-b870f48fb9d4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/23 14:46:45 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Roaming\Avira

[2013/05/23 14:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2013/05/23 14:41:21 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys

[2013/05/23 14:41:21 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2013/05/23 14:41:21 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2013/05/23 14:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2013/05/23 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2013/05/23 14:38:35 | 000,000,000 | ---D | C] -- C:\8026df074ef51e14c1

[2013/05/23 12:59:24 | 000,000,000 | ---D | C] -- C:\FRST

[2013/05/23 12:49:02 | 000,000,000 | ---D | C] -- C:\Users\Trinity\Desktop\RK_Quarantine

[2013/05/21 07:45:09 | 000,000,000 | ---D | C] -- C:\Users\Trinity\Desktop\Manga

[2013/05/16 19:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/05/16 19:56:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/05/16 19:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/05/16 12:26:44 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Roaming\dingogames

[2013/05/16 12:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\dingogames

[2013/05/16 10:57:28 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Trinity\Desktop\dds.com

[2013/05/16 10:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI

[2013/05/16 07:38:30 | 000,000,000 | ---D | C] -- C:\18c9759adbc9954f12

[2013/05/16 07:37:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/05/16 07:37:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/05/16 07:37:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/05/16 07:37:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/05/16 07:37:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/05/16 07:37:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/05/16 07:37:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/05/16 07:37:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/05/16 07:37:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/05/16 07:37:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/05/16 07:37:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/05/16 07:37:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/05/16 07:37:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/05/16 07:37:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/05/16 07:37:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/05/15 13:49:50 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2013/05/15 13:49:50 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2013/05/15 13:49:38 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/05/15 13:49:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/05/15 13:49:36 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/05/15 13:49:36 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/05/15 13:49:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll

[2013/05/10 09:48:21 | 000,000,000 | ---D | C] -- C:\Users\Trinity\Documents\My eBooks

[2013/05/10 09:48:21 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Roaming\Mobipocket

[2013/05/10 09:45:19 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobipocket.com

[2013/05/10 09:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobipocket.com

[2013/05/09 23:31:19 | 000,000,000 | ---D | C] -- C:\Users\Trinity\Documents\New folder

[2013/05/07 14:11:53 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Local\Macromedia

[2013/05/07 14:10:55 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/05/07 14:10:55 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/05/07 14:10:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2013/05/07 14:09:23 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Roaming\Mozilla

[2013/05/07 14:09:23 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Local\Mozilla

[2013/05/07 14:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2013/05/07 14:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2013/05/07 14:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/05/07 13:55:12 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Local\{8D8669B4-799C-42F5-81D1-CAF93E46BAA5}

[2013/05/07 13:55:11 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Local\{8A8EA87C-DFC7-48E2-9C22-B4B33EB59B7E}

[2013/05/07 13:54:59 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Roaming\Windows Live Writer

[2013/05/07 13:54:59 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Local\Windows Live Writer

[2013/05/04 12:34:23 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Local\Chromium

[2013/05/04 12:31:15 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Local\The Lord of the Rings Online

[2013/05/04 12:19:16 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Local\Turbine

[2013/05/04 12:19:16 | 000,000,000 | ---D | C] -- C:\Users\Trinity\Documents\The Lord of the Rings Online

[2013/05/04 12:16:52 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll

[2013/05/04 12:16:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll

[2013/05/04 12:16:26 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll

[2013/05/04 12:16:25 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll

[2013/05/04 12:15:43 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Local\ApplicationHistory

[2013/05/04 12:14:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP

[2013/05/04 12:13:07 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine

[2013/05/04 12:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Turbine

[2013/05/04 12:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HappyCloud

[2013/05/04 12:12:53 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud

[2013/05/02 09:32:57 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/05/02 09:32:57 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/05/02 09:32:57 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/05/02 09:32:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/05/02 09:32:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/05/02 09:32:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/05/02 09:32:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/05/02 09:32:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/05/02 09:32:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll

[2013/05/02 09:32:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/05/02 09:32:57 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/05/02 09:32:56 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll

[2013/05/02 09:32:56 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/05/02 09:32:56 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2013/05/02 09:32:56 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013/05/02 09:32:56 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll

[2013/05/02 09:32:56 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/05/02 09:32:56 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/05/02 09:32:55 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2013/05/02 09:32:54 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2013/05/02 09:32:54 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/05/02 09:32:54 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll

[2013/05/02 09:32:53 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/05/02 09:32:52 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/05/02 09:32:52 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll

[2013/05/02 09:32:52 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2013/05/02 09:32:52 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll

[2013/05/02 09:32:52 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll

[2013/05/02 09:32:52 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2013/05/02 09:32:51 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/05/02 09:32:50 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2013/05/02 09:32:50 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll

[2013/05/02 09:32:50 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013/04/28 15:30:03 | 000,000,000 | ---D | C] -- C:\Users\Trinity\AppData\Local\2DBoy

[2013/04/28 15:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy

[2013/04/27 14:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst

[2013/04/24 15:47:05 | 000,000,000 | ---D | C] -- C:\Users\Trinity\Documents\Master of Alchemy

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/23 14:41:27 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2013/05/23 14:40:56 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/05/23 14:37:16 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys

[2013/05/23 14:37:16 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2013/05/23 14:37:16 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2013/05/23 14:30:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/23 14:30:55 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/23 12:55:16 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/23 12:55:16 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/23 12:52:29 | 000,733,930 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/23 12:52:29 | 000,629,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/23 12:52:29 | 000,108,790 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/23 12:48:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/23 12:47:51 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/22 16:59:58 | 000,007,104 | ---- | M] () -- C:\Users\Trinity\Desktop\Raven'sKey_BLOG.jpg

[2013/05/19 10:19:32 | 000,140,488 | ---- | M] () -- C:\Users\Trinity\Desktop\Dynamic Fact Finding.pdf

[2013/05/16 20:53:03 | 000,002,792 | ---- | M] () -- C:\Users\Trinity\Desktop\vba.ini

[2013/05/16 19:56:52 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/16 10:57:32 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Trinity\Desktop\dds.com

[2013/05/16 10:42:32 | 000,000,052 | ---- | M] () -- C:\Windows\wininit.ini

[2013/05/16 10:25:37 | 000,429,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/16 10:23:04 | 000,014,086 | ---- | M] () -- C:\Users\Trinity\Desktop\cc_20130516_102208.reg

[2013/05/10 09:45:19 | 000,003,083 | ---- | M] () -- C:\Users\Trinity\Desktop\Mobipocket Reader.lnk

[2013/05/07 14:10:55 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/05/07 14:10:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/05/07 14:09:10 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013/05/04 18:49:11 | 000,002,049 | ---- | M] () -- C:\Users\Trinity\Desktop\The Lord of the Rings Online™.lnk

[2013/05/04 12:21:42 | 000,000,095 | ---- | M] () -- C:\Users\Trinity\AppData\Local\fusioncache.dat

[2013/05/04 12:15:31 | 000,756,952 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/05/02 09:32:57 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/05/02 09:32:57 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/05/02 09:32:57 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/05/02 09:32:57 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/05/02 09:32:57 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/05/02 09:32:57 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/05/02 09:32:57 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/05/02 09:32:57 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/05/02 09:32:57 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/05/02 09:32:57 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll

[2013/05/02 09:32:57 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/05/02 09:32:57 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/05/02 09:32:57 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/05/02 09:32:56 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2013/05/02 09:32:56 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll

[2013/05/02 09:32:56 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/05/02 09:32:56 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2013/05/02 09:32:56 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013/05/02 09:32:56 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll

[2013/05/02 09:32:56 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/05/02 09:32:55 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2013/05/02 09:32:54 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/05/02 09:32:54 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll

[2013/05/02 09:32:53 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/05/02 09:32:52 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/05/02 09:32:52 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll

[2013/05/02 09:32:52 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2013/05/02 09:32:52 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll

[2013/05/02 09:32:52 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll

[2013/05/02 09:32:52 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2013/05/02 09:32:51 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/05/02 09:32:51 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2013/05/02 09:32:50 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll

[2013/05/02 09:32:50 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/23 14:41:27 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2013/05/23 14:40:56 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif

[2013/05/22 16:57:49 | 000,007,104 | ---- | C] () -- C:\Users\Trinity\Desktop\Raven'sKey_BLOG.jpg

[2013/05/19 10:19:32 | 000,140,488 | ---- | C] () -- C:\Users\Trinity\Desktop\Dynamic Fact Finding.pdf

[2013/05/16 19:56:52 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/16 10:42:28 | 000,000,052 | ---- | C] () -- C:\Windows\wininit.ini

[2013/05/16 10:22:13 | 000,014,086 | ---- | C] () -- C:\Users\Trinity\Desktop\cc_20130516_102208.reg

[2013/05/10 09:45:19 | 000,003,083 | ---- | C] () -- C:\Users\Trinity\Desktop\Mobipocket Reader.lnk

[2013/05/07 14:09:10 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2013/05/07 14:09:10 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013/05/04 12:21:42 | 000,000,095 | ---- | C] () -- C:\Users\Trinity\AppData\Local\fusioncache.dat

[2013/05/04 12:19:21 | 000,002,049 | ---- | C] () -- C:\Users\Trinity\Desktop\The Lord of the Rings Online™.lnk

[2013/03/10 11:54:59 | 000,756,952 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/03/09 15:36:20 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2013/03/05 23:41:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/16 12:26:44 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\dingogames

[2013/04/22 23:55:27 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\Easy BitTorrent Client

[2013/04/22 14:45:41 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\EscapeFromParadise2

[2013/04/02 16:58:08 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\Magnet's Story

[2013/04/16 09:10:41 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\Mind Control Software

[2013/05/10 10:10:56 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\Mobipocket

[2013/04/22 23:55:02 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\Namco

[2013/04/27 14:45:50 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\PlayFirst

[2013/04/22 23:55:02 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\qBittorrent

[2013/04/08 16:40:40 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\RenPy

[2013/04/18 11:45:55 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\runic games

[2013/05/13 12:19:35 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\SoftGrid Client

[2013/04/22 23:53:04 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\WildTangent

[2013/05/07 13:54:59 | 000,000,000 | ---D | M] -- C:\Users\Trinity\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:1F96ED45

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:2702A8B3

< End of report >


OTL Extras logfile created on: 5/23/2013 2:45:07 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trinity\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 60.42% Memory free

7.71 Gb Paging File | 5.84 Gb Available in Paging File | 75.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581.07 Gb Total Space | 520.67 Gb Free Space | 89.60% Space Free | Partition Type: NTFS

Computer Name: ASYLUM | User Name: Trinity | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2393D680-F302-41F3-A0F2-AA894C4F85D0}" = rport=445 | protocol=6 | dir=out | app=system |

"{2765B8DE-5A6B-41B2-B746-BE3D011E68C7}" = lport=445 | protocol=6 | dir=in | app=system |

"{41CFCC00-0FD5-4FE2-867C-FF328E9288D1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{5D142184-9B67-4660-BB55-C3D257BCBBEF}" = rport=137 | protocol=17 | dir=out | app=system |

"{6006864A-5F0C-4CC7-A077-657F995582BA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{62E27164-A347-47C0-A977-259AB1D3BC55}" = lport=138 | protocol=17 | dir=in | app=system |

"{709DEF12-4F55-440F-B9B2-AF8AED8B107C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{79AC112E-549A-4BC6-A7CD-3C0CDB351BBD}" = rport=139 | protocol=6 | dir=out | app=system |

"{7D19385B-4814-4441-B71B-20E4F92D8B23}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{8C7AE3C2-E9C0-40D2-83AA-2E1216D347DA}" = lport=139 | protocol=6 | dir=in | app=system |

"{A342E90F-A00E-455F-9579-0BB248F48CC2}" = lport=137 | protocol=17 | dir=in | app=system |

"{AF7A349E-4108-4292-AEDD-714F7EDB6C44}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C1DB417D-72AA-4F62-9C71-7AEB6DADB405}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{CA517031-8DE5-4882-A3C1-17C69A0F82C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CB27D509-4854-4939-A6BF-F919E38E02A2}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05046B1B-2006-40BB-B0D0-67E60C1416F3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{0781A19A-FB96-44F7-AC7A-0FF1E79CC86E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{0E5B01A4-D944-4839-B131-037107B2938A}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |

"{1048CB51-DDDA-44C6-86AF-6DB7E2CB4DFF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{2540A538-9027-4C48-83DD-2D83E3949933}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |

"{29360951-3331-46CD-A0DE-148E5D6F6EA9}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |

"{2C247DB9-A373-4ECC-91F3-452F6B0BA5E7}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe |

"{38AC1780-51B4-4AD6-8581-8ABB83B6769B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |

"{40B57CC5-0BB5-4580-839D-C47A5B2DE6D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{42029121-E9EB-43DE-984B-C196A9B142E9}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |

"{4B2DEF7E-9FA9-4AC6-9A5A-D930AAF94ADA}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |

"{544E8FC5-9AA0-4EAB-BE97-BC06FF22EFE8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{575F4D13-6303-453B-AE8E-47A652D8CF23}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{6F937402-2CAA-49D5-AF4A-3C688AC12E23}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |

"{718DD167-8AF7-4895-B343-BE21283E72C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7FB78CAB-DCEE-4E94-9628-FF0D279C0EAB}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe |

"{8D382E45-C7AD-4C6B-8453-D898A6639B60}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9FE698E6-AF89-4768-8613-5CA14B7C23DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{CEFC5A92-9AD9-4D58-BE29-611B469A70EA}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |

"{CFDB7420-5A2B-41F9-8A45-A74F498720C5}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |

"{D9B6F781-3409-4AB4-B4A3-F4D2DF120952}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DD1DE6DD-0DD2-4D02-B3E7-74694A8B4DE3}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |

"{EA83C20D-5B6B-4C64-8B05-2A1C85902C05}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{EBA8C591-58BE-48DF-9FD8-E20B84E9BE31}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{EEC92742-6433-415D-A562-78A5C3EE621C}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe |

"{FAF0989A-2814-48CC-95D4-0049E6FBC973}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{FB95F0E0-86EE-4F3C-B44C-6777E87B2770}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{FEEAB045-B178-4975-A721-195CEB9D5587}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{FF39122C-0DDC-4D30-B389-10360C733D05}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)

"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0

"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"Defraggler" = Defraggler

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Speccy" = Speccy

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3

"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Avira AntiVir Desktop" = Avira Free Antivirus

"Google Chrome" = Google Chrome

"Identity Card" = Identity Card

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager

"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"iWinArcade" = iWin Games (remove only)

"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Full)

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.SingleImage" = Microsoft Office Professional 2010

"WildTangent acer Master Uninstall" = Acer Games

"WildTangent wildgames Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"WTA-03c9ec30-0bae-4fcb-a5e9-0fc2bdf7c0a3" = Build-a-lot 2

"WTA-07959879-255f-4c0b-bc79-355c8afdeef0" = Penguins!

"WTA-10ffddbd-8537-432a-a888-e9482007dba4" = Matches and Matrimony

"WTA-12f0054b-362b-43eb-9b01-66996fe3eb69" = Zuma's Revenge

"WTA-17c02fae-d943-4732-a684-9cba3e87d023" = Namco All-Stars: PAC-MAN

"WTA-190f6486-006a-4c27-aec1-1b37b18e0df8" = Virtual Villagers 4 - The Tree of Life

"WTA-1ae829b6-af7f-407b-9803-b0b7f171f427" = Totem Tribe

"WTA-1bab4c4f-064e-460a-ac5f-dda4b90a04d5" = Build-a-lot

"WTA-216836d0-e3c8-4855-abcc-0984f8132a4c" = Bejeweled 2 Deluxe

"WTA-22afd31b-125c-40e6-970f-904d20d20b9f" = Cute Knight

"WTA-3b839546-9fc2-45a8-a364-4a161aaadbef" = Tasty Planet: Back for Seconds

"WTA-45046cf2-0f9b-4bae-98b5-f23cdabf1f2b" = Dream Builder: Amusement Park

"WTA-48dae4a7-7c8a-4fb3-9983-7a5200d49c59" = Dora's World Adventure

"WTA-49f8e0f8-28d7-4fa0-9f2b-e4302233bdca" = Agatha Christie - 4:50 from Paddington

"WTA-4a4e9280-9e8f-4d5c-bc20-685078709bd8" = Haiku Journey

"WTA-5085b143-1d0d-4cf4-9ec5-ab5438b7a6f8" = Virtual Families

"WTA-509771ed-fae9-4385-a762-5f8d8b0cc54c" = Tasty Planet

"WTA-5c5b61a9-0720-4e47-8ac9-b069f075fd60" = Mystery P.I. - Stolen in San Francisco

"WTA-5f48ef26-3b39-4dad-bbda-45b9cbb67d09" = Tradewinds

"WTA-6186ec4a-c4a0-41e5-af54-f473de2add8f" = Chuzzle Deluxe

"WTA-64e0da92-fe22-425b-84b7-ecbb7f6e844f" = Virtual Families 2

"WTA-7c04e19d-455b-425b-bfc9-15115643adc5" = Plants vs. Zombies - Game of the Year

"WTA-89653d3e-6559-45eb-a30c-3295bca13256" = Diner Dash 2 Restaurant Rescue

"WTA-92969c64-d372-4e7c-a2e6-d5d4620c3f43" = Shaman Odyssey - Tropic Adventure

"WTA-964e60ba-b571-43a3-9204-bd0cfddb574b" = Escape from Paradise 2 - A Kingdoms Quest

"WTA-b0198dd9-48b0-4e23-a9ab-fd0229c63d1d" = Master of Alchemy

"WTA-b2f12765-feb5-401c-9e60-a1d8a17c9d42" = Torchlight

"WTA-b3ce6bbc-5f6b-4c3d-b3a1-b8712e12b4d0" = Snapshot Adventures

"WTA-b3d2926e-fa32-4574-92ac-b580b9df5159" = Polar Golfer

"WTA-baa6332b-1172-47ab-b22b-5d70f5eb94f7" = Teddy Factory

"WTA-bb91c54d-0d9a-425b-b42c-58583afa5999" = A Magnetic Adventure

"WTA-be3e0fd2-4f4f-4b48-9b4f-666d42bad6de" = Virtual Villagers 5 - New Believers

"WTA-c2129fd0-dbb7-43be-b126-49875ab7826b" = ZoomBook - The Temple of the Sun

"WTA-c5a90d0b-ce83-48f6-87a2-87c3f1b3e550" = Buccaneer

"WTA-d088507a-68c6-4dcd-99bc-4c34896fce66" = Spellagories

"WTA-d231cf91-48fb-4cfc-a1d2-0964b07dfd54" = Jojo's Fashion Show World Tour

"WTA-e5daf8c9-89da-4fd9-a34a-c3a4e6183a31" = World of Goo

"WTA-e73a48fd-5236-4ef7-8faa-580fecf9e9db" = Jewel Quest Heritage

"WTA-f420e28e-c056-4a13-84f0-95c23459f0b0" = Final Drive: Nitro

"WTA-f54dbf5b-4452-40c3-9533-a04108b8c1f7" = Bee Garden

"WTA-f593b721-03bb-40ee-9bcd-4455d8978cf7" = Polar Bowler

"WTA-f9f94622-3cfb-4db7-adea-94da0753ea3e" = Poker Superstars III

"WTA-fb72bc05-4798-4860-acf2-97caabbe9cda" = FATE - The Traitor Soul

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"HappyCloud" = Happy Cloud Client

"lotro_highres_en" = The Lord of the Rings Online

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/29/2013 2:38:43 PM | Computer Name = Asylum | Source = CVHSVC | ID = 100

Description = Information only. Error: The connection with the server was terminated

abnormally ErrorCode: 14007(0x36b7).

Error - 4/29/2013 5:05:32 PM | Computer Name = Asylum | Source = WinMgmt | ID = 10

Description =

Error - 4/29/2013 10:33:54 PM | Computer Name = Asylum | Source = Application Error | ID = 1000

Description = Faulting application name: osk.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bd272 Faulting module name: mshwLatin.dll, version: 6.1.7600.16385, time

stamp: 0x4a5bdfdc Exception code: 0xc0000006 Fault offset: 0x000000000008d85f Faulting

process id: 0x7e0 Faulting application start time: 0x01ce454a5747b471 Faulting application

path: C:\Windows\System32\osk.exe Faulting module path: C:\Program Files\Common

Files\Microsoft Shared\Ink\mshwLatin.dll Report Id: 666d33ac-b13e-11e2-964f-b870f48fb9d4

Error - 4/29/2013 10:33:54 PM | Computer Name = Asylum | Source = Application Error | ID = 1005

Description = Windows cannot access the file C:\Program Files\Common Files\Microsoft

Shared\ink\hwrusash.dat for one of the following reasons: there is a problem with

the network connection, the disk that the file is stored on, or the storage drivers

installed on this computer; or the disk is missing. Windows closed the program Accessibility

On-Screen Keyboard because of this error. Program: Accessibility On-Screen Keyboard

File:

C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat The error value

is listed in the Additional Data section. User Action 1. Open the file again. This

situation might be a temporary problem that corrects itself when the program runs

again. 2. If the file still cannot be accessed and - It is on the network, your network

administrator should verify that there is not a problem with the network and that

the server can be contacted. - It is on a removable disk, for example, a floppy

disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check

and repair the file system by running CHKDSK. To run CHKDSK, click Start, click

Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then

press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.

Determine whether other files on the same disk can be opened. If not, the disk might

be damaged. If it is a hard disk, contact your administrator or computer hardware

vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3

Error - 4/29/2013 10:42:19 PM | Computer Name = Asylum | Source = WinMgmt | ID = 10

Description =

Error - 4/29/2013 10:46:07 PM | Computer Name = Asylum | Source = Application Error | ID = 1000

Description = Faulting application name: osk.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bd272 Faulting module name: mshwLatin.dll, version: 6.1.7600.16385, time

stamp: 0x4a5bdfdc Exception code: 0xc0000006 Fault offset: 0x000000000008d85f Faulting

process id: 0x4c8 Faulting application start time: 0x01ce454cca812705 Faulting application

path: C:\Windows\System32\osk.exe Faulting module path: C:\Program Files\Common

Files\Microsoft Shared\Ink\mshwLatin.dll Report Id: 1ae34e5f-b140-11e2-b1ca-b870f48fb9d4

Error - 4/29/2013 10:46:07 PM | Computer Name = Asylum | Source = Application Error | ID = 1005

Description = Windows cannot access the file C:\Program Files\Common Files\Microsoft

Shared\ink\hwrusash.dat for one of the following reasons: there is a problem with

the network connection, the disk that the file is stored on, or the storage drivers

installed on this computer; or the disk is missing. Windows closed the program Accessibility

On-Screen Keyboard because of this error. Program: Accessibility On-Screen Keyboard

File:

C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat The error value

is listed in the Additional Data section. User Action 1. Open the file again. This

situation might be a temporary problem that corrects itself when the program runs

again. 2. If the file still cannot be accessed and - It is on the network, your network

administrator should verify that there is not a problem with the network and that

the server can be contacted. - It is on a removable disk, for example, a floppy

disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check

and repair the file system by running CHKDSK. To run CHKDSK, click Start, click

Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then

press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.

Determine whether other files on the same disk can be opened. If not, the disk might

be damaged. If it is a hard disk, contact your administrator or computer hardware

vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3

Error - 4/29/2013 10:51:51 PM | Computer Name = Asylum | Source = WinMgmt | ID = 10

Description =

Error - 4/29/2013 11:04:19 PM | Computer Name = Asylum | Source = Windows Search Service | ID = 7040

Description =

Error - 4/29/2013 11:04:19 PM | Computer Name = Asylum | Source = Windows Search Service | ID = 7042

Description =

[ System Events ]

Error - 5/10/2013 8:45:33 AM | Computer Name = Asylum | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/10/2013 8:56:46 AM | Computer Name = Asylum | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/11/2013 4:54:51 PM | Computer Name = Asylum | Source = volsnap | ID = 393230

Description = The shadow copies of volume C: were aborted because of an IO failure

on volume C:.

Error - 5/15/2013 11:51:01 PM | Computer Name = Asylum | Source = volsnap | ID = 393230

Description = The shadow copies of volume C: were aborted because of an IO failure

on volume C:.

Error - 5/16/2013 8:48:54 AM | Computer Name = Asylum | Source = EventLog | ID = 6008

Description = The previous system shutdown at 7:42:10 AM on ?5/?16/?2013 was unexpected.

Error - 5/16/2013 8:53:53 AM | Computer Name = Asylum | Source = Service Control Manager | ID = 7022

Description = The Windows Update service hung on starting.

Error - 5/16/2013 8:59:40 AM | Computer Name = Asylum | Source = volsnap | ID = 393230

Description = The shadow copies of volume C: were aborted because of an IO failure

on volume C:.

Error - 5/16/2013 9:04:41 AM | Computer Name = Asylum | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server

2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2804576).

Error - 5/16/2013 11:37:31 AM | Computer Name = Asylum | Source = EventLog | ID = 6008

Description = The previous system shutdown at 10:34:43 AM on ?5/?16/?2013 was unexpected.

Error - 5/16/2013 8:59:33 PM | Computer Name = Asylum | Source = EventLog | ID = 6008

Description = The previous system shutdown at 7:57:27 PM on ?5/?16/?2013 was unexpected.

< End of report >

Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avira Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 7 Update 17

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.7.700.169

Adobe Reader 9

Mozilla Firefox 20.0.1 Firefox out of Date!

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 7%

````````````````````End of Log``````````````````````


Using Control Panel >> Programs and Features, Uninstall the following

Adobe Flash Player 10

Adobe Reader 9

Easy BitTorrent Client

Java 7 Update 17

Java 7 Update 17 (64-bit)

Java Auto Updater

qBittorrent

Task 2

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file OTLSable.txt and SAVE to your DESKTOP
  • Start NOTEPAD. Check and make sure "word wrap" is off.
    From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
    IF it -is- checkmarked, click that one time so that it is un-checked.
  • Open the OTLSable.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Task 3

Windows services

This will be a batch-fix.

  • Press the Windows-key on keyboard.
  • In the search box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
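    @Echo off
    rem Stop Windows Update and BITS before changing their configuration
    sc stop wuauserv
    sc stop bits
    rem Set the start type of each service (the space after "start=" is required)
    sc config dcomlaunch start= auto
    sc config nsi start= auto
    sc config dhcp start= auto
    sc config rpcss start= auto
    sc config winmgmt start= auto
    sc config wscsvc start= delayed-auto
    sc config bits start= delayed-auto
    sc config wuauserv start= delayed-auto
    rem sc.exe has no "manual" keyword; a manual start type is written "demand"
    sc config sdrsvc start= demand
    sc config vss start= auto
    sc config eventlog start= auto
    sc config bfe start= auto
    sc config eventsystem start= auto
    rem Start the services again
    sc start sdrsvc
    sc start vss
    sc start rpcss
    sc start eventsystem
    sc start bfe
    sc start bits
    sc start wuauserv
    rem Restart Windows after 1 second, then delete this batch file
    shutdown -r -t 1
    del %0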


  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the File name box, type in Fix.bat.
  • Press Save.
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose Run as administrator.
  • Press Yes if prompted by User Account Control.

This procedure will do its tasks and then it will Restart Windows.

Task 4

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or 8 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Outdated & Insecure utilities

Your system has an old version (also insecure) of Adobe Reader. You need to uninstall Adobe Reader.

Consider getting an alternate tool like Sumatra PDF as mentioned by Corrine on her Security Garden blog.

http://securitygarden.blogspot.com/2013/02/replacing-adobe-reader-with-sumatra-pdf.html

Java vulnerabilities are a never ending occurrence. Bottom line is, if your system does not have an installed 3rd-party application that needs it, then uninstall it.

If you do have that dependency, then turn off Java in your browsers.

If somehow, you have an often-used website that needs Java to display all information, then just use a specific browser and only allow Java in that one.

  • A: If you decide to keep Java:
    The Java runtime components are typically located at
    C:\Program Files (x86)\Java\jre7\bin
    Locate javacpl.exe the Java control panel.
    Right click and select Open
    Click on the Update tab
    Put a checkmark at "Check for updates automatically"
    On the General tab, under Temporary Internet Files, click the Settings button.
    Next, click on the Delete Files button
    Checkmark (select) all boxes you can & Click OK on Delete Temporary Files Window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    Click OK to leave the Temporary Files Window
    Click on the Advanced tab
    Expand Miscellaneous:
    Un-check "place Java icon in system tray"
    Un-check "Java quick starter"
    Exit/close
    You need to remove older versions of Java runtime. Do this:
    Download & Save to your Desktop or a new folder Javara.zip
    Extract the contents of the zip file. Then double click Javara.exe to run it.
    JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).
  • B: If you want to disable Java in your browser:
    How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse
    Also see No, Seriously, Just Disable Java in Your Browser Right Now

As noted by Brian Krebs,

Most consumers can get by without Java installed, or least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I’d urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin.

Also see How to protect your computer against dangerous Java Applets

Firefox

Start Firefox. Select Help >>About Firefox >> Click button Check for Updates

Allow the download, and the Update and Allow the Restart of Firefox so that it completes the update.

There will be more to do after this. But -do- tell me, in general, How is the system now?

provide detail on specific problem, if any.

OTLSable.txt
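A read-only way to confirm that the start types requested by the Task 3 batch file actually took effect, as an added example that is not part of the original post or of any tool named in this thread. It parses text in the layout printed by `sc qc <service>`; the sample output is constructed, and the function names are hypothetical.

```python
import re

# Start types requested by the Task 3 batch file, as sc.exe keywords
# ("demand" is sc.exe's keyword for a manual start).
EXPECTED = {
    "dcomlaunch": "auto", "nsi": "auto", "dhcp": "auto", "rpcss": "auto",
    "winmgmt": "auto", "wscsvc": "delayed-auto", "bits": "delayed-auto",
    "wuauserv": "delayed-auto", "sdrsvc": "demand", "vss": "auto",
    "eventlog": "auto", "bfe": "auto", "eventsystem": "auto",
}

# Numeric START_TYPE codes as printed by `sc qc`.
_CODES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
_NAME = re.compile(r"^SERVICE_NAME:[ \t]*(\S+)", re.M)
_START = re.compile(
    r"^[ \t]*START_TYPE[ \t]*:[ \t]*(\d)[ \t]+\w+([ \t]+\(DELAYED\))?", re.M
)


def parse_sc_qc(text):
    """Return {service name (lower case): start keyword} from `sc qc` output.

    `text` may hold the output of several `sc qc` calls one after another.
    Records without a SERVICE_NAME line (for example a failed OpenService
    call) are skipped, so a missing service is simply absent from the result.
    """
    found = {}
    for block in re.split(r"(?m)^(?=SERVICE_NAME:)", text):
        name, start = _NAME.search(block), _START.search(block)
        if not (name and start):
            continue
        kind = _CODES.get(start.group(1), "unknown")
        if kind == "auto" and start.group(2):
            kind = "delayed-auto"  # AUTO_START carrying the (DELAYED) flag
        found[name.group(1).lower()] = kind
    return found


def start_type_drift(qc_output, expected=EXPECTED):
    """List (service, wanted, actual) for every service that does not match."""
    actual = parse_sc_qc(qc_output)
    return sorted(
        (svc, want, actual.get(svc, "not reported"))
        for svc, want in expected.items()
        if actual.get(svc) != want
    )


# ---- constructed sample input (not captured from the machine in the thread) ----
_LABEL = {
    "auto": (2, "AUTO_START", False),
    "delayed-auto": (2, "AUTO_START", True),
    "demand": (3, "DEMAND_START", False),
    "disabled": (4, "DISABLED", False),
}


def _qc_block(name, code, label, delayed=False):
    """Build one record in the layout `sc qc` prints."""
    suffix = "  (DELAYED)" if delayed else ""
    return (
        "[SC] QueryServiceConfig SUCCESS\n\n"
        f"SERVICE_NAME: {name}\n"
        "        TYPE               : 20  WIN32_SHARE_PROCESS\n"
        f"        START_TYPE         : {code}   {label}{suffix}\n"
        "        ERROR_CONTROL      : 1   NORMAL\n\n"
    )


def build_sample():
    """Everything as requested, except: bits left manual, wscsvc disabled,
    vss not reported, plus one service the batch file does not touch."""
    state = dict(EXPECTED, bits="demand", wscsvc="disabled")
    del state["vss"]
    state["WinDefend"] = "demand"
    body = "".join(_qc_block(n, *_LABEL[k]) for n, k in state.items())
    return body + "[SC] OpenService FAILED 1060:\n\n"


SAMPLE = build_sample()

if __name__ == "__main__":
    for svc, want, got in start_type_drift(SAMPLE):
        print(f"{svc}: expected {want}, found {got}")
```

On a real machine the input would be the saved output of `sc qc` run once for each service named in the batch file.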


The system in general is a lot better, the instructions you gave me took care of my lag problem with everything, if I need to boot something or surf the web it's up and running like the roadrunner. As well as able to handle running multiple programs at once now, such as windows media player and the browser at the same time for example. Thank you for that. However, MBAM still freezes my entire system when it's run on either quick mode or full scan, and I did try it with the new anti-virus both activated, and disabled, same result both times.


Whoops, sorry, here's the logs

All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{521b7300-8601-11e2-9b6a-b870f48fb9d4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{521b7300-8601-11e2-9b6a-b870f48fb9d4}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{521b7300-8601-11e2-9b6a-b870f48fb9d4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{521b7300-8601-11e2-9b6a-b870f48fb9d4}\ not found.

File E:\LaunchU3.exe -a not found.

========== FILES ==========

File\Folder C:\Windows\SysWow64\URTTEMP not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 6932646 bytes

->Flash cache emptied: 56900 bytes

User: MOM

->Temp folder emptied: 478039 bytes

->Temporary Internet Files folder emptied: 67385 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 49716812 bytes

->Flash cache emptied: 56900 bytes

User: Public

User: School

->Temp folder emptied: 2443238 bytes

->Temporary Internet Files folder emptied: 492745 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 50354110 bytes

->Flash cache emptied: 56960 bytes

User: Trinity

->Temp folder emptied: 20063153 bytes

->Temporary Internet Files folder emptied: 13918865 bytes

->Java cache emptied: 17872 bytes

->FireFox cache emptied: 4931345 bytes

->Google Chrome cache emptied: 58718739 bytes

->Flash cache emptied: 523 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 69988347 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287318 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 306.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Guest

->Flash cache emptied: 0 bytes

User: MOM

->Flash cache emptied: 0 bytes

User: Public

User: School

->Flash cache emptied: 0 bytes

User: Trinity

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest

->Java cache emptied: 0 bytes

User: MOM

->Java cache emptied: 0 bytes

User: Public

User: School

->Java cache emptied: 0 bytes

User: Trinity

->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05232013_165241

Files\Folders moved on Reboot...

C:\Users\Trinity\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Trinity\AppData\Local\Temp\MMDUtl.log moved successfully.

File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Farbar Service Scanner Version: 14-04-2013

Ran by Trinity (administrator) on 23-05-2013 at 17:07:25

Running from "C:\Users\Trinity\Downloads"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Attempt to access Yahoo IP returned error. Yahoo IP is offline

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


The system in general is a lot better, the instructions you gave me took care of my lag problem with everything, if I need to boot something or surf the web it's up and running like the roadrunner. As well as able to handle running multiple programs at once now, such as Windows Media Player and the browser at the same time for example. Thank you for that. However, MBAM still freezes my entire system when it's run on either quick mode or full scan, and I did try it with the new anti-virus both activated, and disabled, same result both times.

For the time being (until I find for you a better reference to make "trust settings" in both Avira & MBAM)...

Try to temporarily disable Avira's real time scanner before you start the MBAM scan.

Right-click the red-umbrella Avira icon in system tray and UN-check the line for "Avira Guard enable" (if it is checked). {and reverse after you've finished with MBAM}

Disable Avira real-time & then do a Quick Scan with MBAM and copy > paste the MBAM scan log.

Re-enable the Avira real-time when all done.


Give this one a try. Make sure to first close & save any (all) open documents and exit any programs you opened, beforehand.

1. Download Malwarebytes Anti-Rootkit from http://www.malwarebytes.org/products/mbar/

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.


  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
