Hello and thank you in advance for your help.
I am working on my mothers computer and I believe that she has some malware. For the most part she is playing "free" word games and puzzles that she downloads from various places. Here computer extremely sluggish and often non responsive. I have run Spybot Search and Destroy and MalwareBytes. Both programs caught and cleaned up several issues but the computer is still performing rather poorly. I am hoping that you may be able to help.
Thank you.
OTL logfile created on: 1/10/2015 8:45:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rich\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 40.19% Memory free
3.75 Gb Paging File | 1.66 Gb Available in Paging File | 44.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 106.89 Gb Free Space | 74.08% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.83 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive E: | 277.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: STEVE-PC | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015/01/10 08:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
PRC - [2014/12/12 10:21:24 | 005,489,944 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/12/10 04:11:35 | 000,855,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe
PRC - [2014/12/05 18:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/03 20:36:41 | 000,202,600 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2014/11/03 20:36:32 | 000,375,144 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2014/10/31 11:11:38 | 004,779,264 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 11:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 11:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/01/11 18:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/05/20 15:27:24 | 000,119,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/26 13:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/04/10 23:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/20 19:23:33 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
PRC - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/10/17 10:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/07/05 20:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
========== Modules (No Company Name) ==========
MOD - [2014/12/05 18:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 18:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/10/15 02:23:10 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/15 02:23:04 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 02:22:53 | 001,871,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\97bbbd410c21d79e55ed5519faab853d\System.Deployment.ni.dll
MOD - [2014/10/15 02:22:53 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 02:22:48 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\51d4d139f9b740978450f2aa473f6f13\System.Security.ni.dll
MOD - [2014/10/15 02:22:45 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 02:22:44 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 02:22:38 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 02:22:36 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/10/15 02:06:42 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\a7bd32e88ebbcfc66f59ac0945861adf\dfsvc.ni.exe
MOD - [2014/09/10 02:43:56 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014/02/26 03:03:37 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2008/08/30 03:59:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/03/02 10:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2014/12/10 04:11:39 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/03 20:36:41 | 000,202,600 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2014/11/03 20:36:32 | 000,375,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 11:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/04/13 08:49:00 | 000,101,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2015/01/10 08:21:36 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/11/21 06:14:16 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/11/03 20:36:34 | 000,086,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2014/07/17 17:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/05/30 10:07:27 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/10/26 14:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/12/12 18:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 06:17:15 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/08/30 05:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/06 09:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 09:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/10/30 11:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 CB 60 E9 AA 2B D0 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CA36D1E6-2D97-45A8-9F49-8CAD8101A09F}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@ei.DictionaryBoss.com/Plugin: C:\Program Files\DictionaryBossEI\Installr\1.bin\NPv4EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@ei.WeatherBlink.com/Plugin: C:\Program Files\WeatherBlinkEI\Installr\1.bin\NPgcEISB.dll (WeatherBlink)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\DailyBibleGuide\bar\1.bin
========== Chrome ==========
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012/06/03 14:29:08 | 000,604,003 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com #[server down?]
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 16164 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {0631bff0-6846-48ca-982d-d62d7f376e97} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2a942ab7-2073-49bc-a7e1-77e93835889a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2A942AB7-2073-49BC-A7E1-77E93835889A} - No CLSID value found.
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jigsaw%20Puzzle%202%20Mix/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F17937B-E293-4C38-9CFB-1682302F61D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E18E4F40-05F5-4E1C-8DCE-C1EFA89EA173}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2015/01/10 08:44:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
[2015/01/10 08:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/01/10 08:32:41 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Deployment
[2015/01/10 08:32:41 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Apps
[2015/01/09 23:55:41 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozyHome
[2015/01/09 23:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\MozyHome
[2015/01/09 21:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/01/09 21:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/01/09 20:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
[2015/01/09 20:28:14 | 001,061,888 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe
[2015/01/09 20:28:14 | 000,475,648 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr
[2015/01/09 20:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\MyDefrag v4.3.1
[2015/01/08 20:05:28 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/01/08 20:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/01/08 20:03:46 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015/01/08 20:03:46 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015/01/08 20:03:46 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015/01/08 20:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/01/08 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\ProcAlyzer Dumps
[2015/01/08 18:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2015/01/08 18:53:55 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2015/01/08 18:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2015/01/08 18:36:57 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\TuneUp Software
[2015/01/08 18:33:06 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\MFAData
[2015/01/01 18:06:07 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Avg2015
[2014/12/29 17:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jigsaw Puzzle Platinum 2
[2014/12/29 17:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Jigsaw Puzzle Platinum 2
[2014/12/24 22:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
========== Files - Modified Within 30 Days ==========
[2015/01/10 08:48:56 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/01/10 08:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
[2015/01/10 08:42:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/10 08:40:07 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/10 08:38:09 | 000,001,999 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/10 08:36:47 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/10 08:21:28 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2015/01/10 08:20:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/10 08:20:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/10 08:20:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/10 08:20:16 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/10 08:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/09 23:58:25 | 000,004,800 | ---- | M] () -- C:\Windows\mozy.blk
[2015/01/09 23:58:24 | 000,008,298 | ---- | M] () -- C:\Windows\mozy.flt
[2015/01/09 23:55:41 | 000,000,828 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2015/01/09 23:19:05 | 004,806,328 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/01/09 23:19:03 | 001,567,368 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/01/09 21:09:01 | 000,365,862 | ---- | M] () -- C:\Users\Rich\Documents\cc_20150109_210827.reg
[2015/01/09 17:29:24 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2015/01/09 17:29:24 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2015/01/07 10:29:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2015/01/01 18:05:10 | 000,000,947 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
========== Files Created - No Company Name ==========
[2015/01/10 08:36:47 | 000,001,999 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/10 08:36:47 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/10 08:34:24 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/10 08:34:20 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/09 23:55:41 | 000,000,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2015/01/09 21:08:31 | 000,365,862 | ---- | C] () -- C:\Users\Rich\Documents\cc_20150109_210827.reg
[2015/01/08 18:54:38 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2015/01/08 18:54:37 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2015/01/08 18:54:32 | 000,000,644 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2015/01/08 18:54:09 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2015/01/01 18:01:54 | 1878,515,712 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/14 14:52:25 | 000,011,324 | -HS- | C] () -- C:\ProgramData\3fnj0083gkusx12liwje8ko07cgt6w38w4i63ghdjfpl507
[2009/02/10 13:40:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 06:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2008/03/19 06:09:04 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Acer GameZone Console
[2015/01/08 18:36:57 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\TuneUp Software
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:9D7DCAE4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:2B9724CF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:17639624
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DF8984AC
< End of report >
OTL Extras logfile created on: 1/10/2015 8:45:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rich\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 40.19% Memory free
3.75 Gb Paging File | 1.66 Gb Available in Paging File | 44.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 106.89 Gb Free Space | 74.08% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.83 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive E: | 277.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: STEVE-PC | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8266:TCP" = 8266:TCP:*:Enabled:Remote Assistance Local
"4087:TCP" = 4087:TCP:*:Enabled:Remote Assistance Remote
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{123D72EE-38D2-4545-B7A2-0B4711CF0175}" = lport=138 | protocol=17 | dir=in | app=system |
"{19F284A3-387B-40B0-AAFB-FC94BF9D6E55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1AF4D5F3-B881-4619-BA7A-E87AA74C9EC8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C97F8DE-ECFB-4AA0-93F9-F9CF496A63DA}" = rport=139 | protocol=6 | dir=out | app=system |
"{2FC53D11-A4C1-4C51-B0CF-CDBD23A6B03A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3CA6DAC3-0DEB-4A7D-93EE-03237F8CB96E}" = rport=138 | protocol=17 | dir=out | app=system |
"{622FB560-B189-4623-8C99-E7856950056C}" = lport=445 | protocol=6 | dir=in | app=system |
"{85A98C6D-6184-47B7-8679-A1AEFF4606D2}" = rport=445 | protocol=6 | dir=out | app=system |
"{9642C854-CD94-4228-9862-D94103908397}" = lport=137 | protocol=17 | dir=in | app=system |
"{97D3A3B5-6C43-4A13-B60A-265FBC378D16}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{99D59549-1222-4905-A422-FA6D92A21A14}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{D168FA47-3CFB-49FB-ADAE-42CB3F039CB7}" = lport=139 | protocol=6 | dir=in | app=system |
"{D68C406A-4383-4186-A2EF-4B321B76A5F1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D8AB8B1F-202F-4092-88DF-F58AC89C3464}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DDB2928E-1846-4C14-9E94-62DC86710E7D}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{093DF7DB-4358-456C-9812-97D551FFE92E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0ADE27F2-8D7A-40C5-8141-275D35EFD47D}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{1A19CFA4-A4B5-44B3-9C1C-9D8EDC8182FD}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{2F0D1915-AD71-49AA-B1C2-16DD2FC73D6F}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{2F119B2C-C6F3-4B79-A4A8-9B7ED8A14995}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{430601B9-7687-40CC-953B-29076DB4C0D0}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{46C7F134-C389-42A4-BA31-C4E39306E03C}" = protocol=58 | dir=in |
[email protected],-28545 |
"{47EFC949-5CC2-438A-A4B4-710BB3A6BF64}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52DABF9D-2E89-43C7-9F20-90B55920F110}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{55A8D584-05BB-4889-A42D-50C736E7023E}" = protocol=1 | dir=out |
[email protected],-28544 |
"{65CEC6A7-D03A-44FD-9E21-DBC754AF9AFD}" = dir=in | app=%systemroot%\system32\svchost.exe |
"{77DC02AE-61E9-4E73-997D-367A2D262B6E}" = protocol=1 | dir=in |
[email protected],-28543 |
"{78739E2B-FCA9-4244-B646-34BD4BBFF5EB}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{83C3F493-D21B-42DC-B3D0-D1AD71552C07}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{86F4452F-E040-43CF-A179-608F605796BE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{87208C5E-6390-4A0A-8A0E-25729BE042A9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{905294F6-6247-44C8-A106-D02B32123EA6}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{99B83050-0AD1-41FE-96D2-F1EE075ED7DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A099755A-1FDD-4ED6-AC39-1073EEDF77EE}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{A6688B51-F7E0-4E31-B04E-C7EE342C41B7}" = protocol=58 | dir=out |
[email protected],-28546 |
"{BE1135C7-184B-470F-8CEA-6558E12C0151}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{D6260F0C-5F9E-4C1E-A633-8B48BF58F938}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D973ADD6-4794-46E4-99AE-3A6B19AEA36F}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{E1F71F6D-EA1A-4004-A4D7-273C5C26D59E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E37A1A99-5BD9-4526-88AB-2DA0C137EAE6}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{E7B5C69E-3F6D-4BD7-9888-7514C30FD6E7}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F348BA4B-7F72-4076-9A2B-0E53FEB20E6D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{FC8EBBBB-4F0C-4122-B8B1-257E79A41DA9}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0478A597-5B05-5671-B594-27427A642AE5}" = CCC Help Chinese Traditional
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0856323C-4103-4658-C5A8-FB16ED3079F5}" = Catalyst Control Center Localization Greek
"{08AD32A8-D704-4FC8-DB04-CA90A373D9C3}" = Catalyst Control Center Localization Portuguese
"{0A23CBF1-CCB0-B411-6A7A-A177E376BF70}" = Catalyst Control Center Localization Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E92F644-6E11-8FE3-1BFC-5DB09A79F9B3}" = CCC Help Japanese
"{0ECD1EB9-CBB5-09BA-5947-74CBDA3011FC}" = CCC Help Spanish
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{12EDCFD1-E000-F4F2-A3E6-A6C15D0F8A63}" = Catalyst Control Center Graphics Previews Vista
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BDBEDD-5264-29E1-1BFB-6F64FD943596}" = CCC Help Czech
"{1AFA55D1-EA04-9E87-4537-929E66B60D69}" = CCC Help Russian
"{1C028265-E8D7-751F-246F-9FD52CD237A8}" = Catalyst Control Center Localization Hungarian
"{1CCB52B9-FB58-0729-5C26-E8F8B3162043}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FA97774-2351-8DF4-7853-BEB20C726DFB}" = Catalyst Control Center Localization Russian
"{1FB9A0D0-DC5C-B75A-36EE-414706846CC2}" = Catalyst Control Center Localization Italian
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20308457-CE7C-85A9-1B8F-6C521B2B4CCF}" = CCC Help Hungarian
"{213ABE23-10B9-F45F-DC87-63DACAD40C0D}" = Skins
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{24C7254F-C2D5-22FC-7C7C-F17E4894530E}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13
"{28FD3796-5271-EF11-DA27-2939ACA62515}" = CCC Help Greek
"{29456613-49DE-D48C-10E6-06AD36EEE3D7}" = CCC Help Norwegian
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{31C4615C-45C3-776C-AE54-9CE4B76E9DD1}" = CCC Help Korean
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C1AC91-2D4A-59C1-6875-B3692D1E0365}" = Catalyst Control Center Localization Chinese Standard
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4708942C-76A1-ECC8-5B3D-0D412D68DF24}" = Catalyst Control Center Localization Dutch
"{47247CC1-1221-9449-B4EF-8C9F6D02C1A0}" = CCC Help Swedish
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E084313-093F-5947-CEB9-DE41FD24EF1B}" = Catalyst Control Center Localization Czech
"{52F4AC33-36D4-78D2-E694-7AAC07CD6C5A}" = Catalyst Control Center Graphics Light
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{59FD9D9B-29F9-7572-C2B1-30B65AB2BC29}" = Catalyst Control Center Localization Japanese
"{5D976966-B187-E4D5-5AF1-23C54556E173}" = CCC Help German
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AD90C4B-89D3-5961-F13F-835E73DA1082}" = ccc-utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110313550}" = Jigsaw 365
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}" = Wheel of Fortune 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{856D0363-1C0A-1562-46E7-A9ECABC8DF78}" = CCC Help Polish
"{88AE47C9-A9D2-E89D-C165-573D8015336D}" = MozyHome
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8CCFDB06-9B09-12D7-F1D4-1E22AC7583E0}" = Catalyst Control Center Localization Finnish
"{8D982E57-BF86-BEE7-3944-BD346EFE6A24}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FAE8DE8-A63C-F5DE-D9F7-E011BBD44C32}" = CCC Help Turkish
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0D21ABE-D004-5F89-4485-1BF4C7B3D66A}" = Catalyst Control Center Graphics Full Existing
"{A37978CF-6E03-238A-6571-7EA53B8FAE1B}" = Catalyst Control Center Localization Norwegian
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A687B4D9-0047-468F-ABCC-2783FA23768A}" = PE585QA-32
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A830CA28-932E-6081-EEAA-31A6173DCA23}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A980B2A8-661F-35CD-4C3C-8EECE2F5F5D1}" = Catalyst Control Center Localization Korean
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF04309C-7CFC-C0F4-8A75-5135AF07FD1A}" = ccc-core-static
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B20A9F0F-9504-A107-E381-E956CE96EE86}" = Catalyst Control Center Localization Chinese Traditional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3BCCEC8-58B0-4B2A-0B25-2DF887F06E55}" = CCC Help Danish
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B5CCC9F7-3D21-B444-7EB4-235C1E0AC551}" = CCC Help Dutch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC24FA40-8A7A-42FF-0B9A-5FB02E2A5536}" = CCC Help Thai
"{C49624DD-C504-4279-B9E0-65A2EB6E1619}" = PG583_32_inf
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CCA08326-B1CA-A2A7-10A1-EA1978847514}" = Catalyst Control Center Localization German
"{CDD3ACE0-7C01-10C8-495D-831EB9375095}" = Catalyst Control Center Localization Thai
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D6093905-1B7B-D236-2054-CC0B3E08B413}" = ATI Catalyst Install Manager
"{D7BFE046-4862-AF73-0FB9-E3723BDFDE40}" = CCC Help French
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBED8673-81E5-7763-F3E5-887E43F2E428}" = CCC Help English
"{DC9A7C58-A8A8-0B6D-F1FA-6A35DE82A8E7}" = CCC Help Chinese Standard
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3FECA8-82DD-B597-80EB-6236918FFABB}" = Catalyst Control Center Localization Polish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E16BEE5B-82E8-574E-786F-B21DC03E7091}" = Catalyst Control Center Localization Spanish
"{E32DF02F-0C8F-DE2F-9E76-4EA3960D7083}" = Catalyst Control Center Localization Turkish
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E8302B10-2762-1C24-596C-ED5FFBA1E041}" = Catalyst Control Center Localization French
"{E940B035-8220-4C6B-C064-D6E4424553FC}" = Catalyst Control Center Graphics Full New
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEA4C854-4B15-2FD3-BDE8-9654EC55AB72}" = Catalyst Control Center Localization Swedish
"94838B7B13A76BE9FC61DA8A3B7C3F0BB00FFCF1" = Windows Driver Package - Conexant (cxpl_mhd) Media (11/07/2007 6.0.104.0038)
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Canon MP470 series User Registration" = Canon MP470 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"D7EC1A6C98F357A7E4C53FF66325D99F66B1F590" = Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"Jigs@w Puzzle 2 Mix" = Jigs@w Puzzle 2 Mix
"Jigsaw Puzzle Platinum 2" = Jigsaw Puzzle Platinum 2
"Linksys Wireless Manager" = Linksys Wireless Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/24/2012 8:53:59 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/24/2012 8:55:20 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/24/2012 8:56:40 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/24/2012 8:58:00 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/24/2012 8:59:21 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/24/2012 9:00:41 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/24/2012 9:02:02 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/24/2012 9:03:22 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/24/2012 9:04:42 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
Error - 4/24/2012 9:06:03 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
[ Media Center Events ]
Error - 6/11/2009 8:28:14 PM | Computer Name = Steve-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 9/11/2009 7:31:24 PM | Computer Name = Steve-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 10/11/2009 11:22:26 PM | Computer Name = Steve-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 1/1/2012 2:28:46 PM | Computer Name = Steve-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.
[ System Events ]
Error - 1/8/2015 10:10:55 PM | Computer Name = Steve-PC | Source = DCOM | ID = 10010
Description =
Error - 1/9/2015 8:20:44 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 1/10/2015 12:21:10 AM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 1/10/2015 12:21:10 AM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/10/2015 1:47:08 AM | Computer Name = Steve-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.
Error - 1/10/2015 2:10:47 AM | Computer Name = Steve-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:04:07 PM on 1/9/2015 was unexpected.
Error - 1/10/2015 2:40:13 AM | Computer Name = Steve-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.191.1847.0 Update Source: %%859 Update Stage:
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11302.0
Error
code: 0x80070643 Error description: Fatal error during installation.
Error - 1/10/2015 2:43:27 AM | Computer Name = Steve-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 1/10/2015 3:02:24 AM | Computer Name = Steve-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:00:35 AM on 1/10/2015 was unexpected.
Error - 1/10/2015 9:17:59 AM | Computer Name = Steve-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:16:11 AM on 1/10/2015 was unexpected.
< End of report >
Edited by Mrs_Roboto, 10 January 2015 - 10:13 AM.