jacobjohn | 01.04.2015 15:08 | Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by JacobJohn at 2015-04-01 14:01:10
Running from C:\Users\JacobJohn\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.06.2002.1 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.07.2004.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.02.2003.0 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3009 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.05.2003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.05.2004.0 - Acer Incorporated)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Broadcom NetLink Controller (HKLM\...\{7FBA83D7-D58E-4B70-9B9B-12E95B183B22}) (Version: 16.6.1.3 - Broadcom Corporation)
Cisco WebEx Meetings (HKU\S-1-5-21-524373885-3733486968-3907603703-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{C1D35D06-E60A-4834-9B52-F1F3E65D03C9}) (Version: 1.0.239 - Citrix)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Foxit PhantomPDF (HKLM-x32\...\{F74C595C-BEF2-4AF9-9C4E-68F3CD509C4D}) (Version: 6.0.120.609 - Foxit Corporation)
FXCM MetaTrader 4 (HKLM-x32\...\FXCM MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.6.2492 (HKU\S-1-5-21-524373885-3733486968-3907603703-1001\...\GoToMeeting) (Version: 7.1.6.2492 - CitrixOnline)
Host App Service (HKU\S-1-5-21-524373885-3733486968-3907603703-1001\...\Pokki) (Version: 0.269.7.573 - Pokki)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
MAX Trade Monitor (HKLM-x32\...\MAX Trade Monitor) (Version: - )
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.2.194 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 333.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.17 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Pokki Start Menu (HKU\S-1-5-21-524373885-3733486968-3907603703-1001\...\Pokki_Start_Menu) (Version: 0.269.7.573 - Pokki)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-524373885-3733486968-3907603703-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\JacobJohn\AppData\Local\Citrix\GoToMeeting\2185\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Restore Points =========================
24-03-2015 22:52:02 Windows Update
31-03-2015 16:23:25 Avira System Speedup 1.6
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {03EC7424-FE23-4B4D-B73B-3EF4B29E8ADC} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-524373885-3733486968-3907603703-1001
Task: {1A026F94-E533-4214-A69A-E6A45859F3F7} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {28503C9A-3A39-4B47-AF79-D34155C76CD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-10] (Google Inc.)
Task: {2DDEED65-D6AB-4F9C-8CF2-B752506C3FC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-10] (Google Inc.)
Task: {3C3E8893-3A11-458F-9835-A2DD4B66577C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {53D9CAA8-611B-4192-B4B4-8F304E464A78} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {590B4268-E784-48BC-971C-0F236D6F4992} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {5BD4DB52-69F4-4ECA-84A2-A476C4A47783} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {7146D464-3FE0-43A1-8483-E016036AFE45} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {75977078-120D-4685-B11D-7DB57D0A8647} - System32\Tasks\GoogleUpdateTaskMachineCore1d040a392e84bd4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-10] (Google Inc.)
Task: {798B0026-380E-40B7-AE25-7869D98A37B5} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {7B44A262-AAC3-4891-8F4E-A05005EA1F98} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {82CE7379-0381-4F2D-AB29-F1FC5CEAB02A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {8B6B7A36-DF57-4290-BE6B-B2A70AEFEC07} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-03-12] (Acer)
Task: {8DACAA74-2C80-4903-82DB-286450CD8ECA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {9EE3A57E-0439-4A56-AE72-6999C5F591AE} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {AF3D7BCC-98FE-43B1-B564-26A1B67E226F} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {B95BF998-CF2C-48BF-A51C-651C9A3D6797} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {D5DA14C7-9216-4AB6-B3B0-4B8DA40868AE} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {DCF78C48-B280-48EA-9596-0526157FBC58} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
Task: {E4E8C924-E31B-4A49-8A28-2BF23C9CE2ED} - System32\Tasks\GoogleUpdateTaskMachineCore1d02cc322479d2b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-10] (Google Inc.)
Task: {F37BED9A-11F8-4E83-82B0-22EA59EB0AA5} - System32\Tasks\G2MUpdateTask-S-1-5-21-524373885-3733486968-3907603703-1001 => C:\Users\JacobJohn\AppData\Local\Citrix\GoToMeeting\2492\g2mupdate.exe [2015-03-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-524373885-3733486968-3907603703-1001.job => C:\Users\JacobJohn\AppData\Local\Citrix\GoToMeeting\2492\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d02cc322479d2b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d040a392e84bd4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-09-25 06:58 - 2012-04-24 12:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-09-25 06:45 - 2014-05-14 00:17 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-07 16:13 - 2014-04-07 16:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-04-29 02:38 - 2014-04-29 02:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 02:35 - 2014-04-29 02:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 02:42 - 2014-04-29 02:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-03-04 17:59 - 2015-03-04 17:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-03-04 17:59 - 2015-03-04 17:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-09-25 06:50 - 2013-10-01 11:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-02-19 18:51 - 2014-02-19 18:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-12 21:35 - 2015-03-12 21:35 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-03-12 21:35 - 2015-03-12 21:35 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-03-19 07:32 - 2015-03-19 07:32 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-03-12 15:10 - 2015-03-12 15:10 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-03-09 11:59 - 2015-03-09 11:59 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-03-09 12:00 - 2015-03-09 12:00 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-03-09 12:00 - 2015-03-09 12:00 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-03-09 12:00 - 2015-03-09 12:00 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-03-12 15:07 - 2015-03-12 15:07 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-03-04 17:59 - 2015-03-04 17:59 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-01-04 06:06 - 2015-01-04 06:06 - 00569856 _____ () C:\Users\JacobJohn\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-01-04 06:06 - 2015-01-04 06:06 - 01400846 _____ () C:\Users\JacobJohn\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-01-04 06:06 - 2015-01-04 06:06 - 00151054 _____ () C:\Users\JacobJohn\AppData\Local\Pokki\Engine\avutil-51.dll
2015-01-04 06:06 - 2015-01-04 06:06 - 00222734 _____ () C:\Users\JacobJohn\AppData\Local\Pokki\Engine\avformat-54.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\JacobJohn\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-524373885-3733486968-3907603703-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 10.0.0.138
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-524373885-3733486968-3907603703-500 - Administrator - Disabled)
Gast (S-1-5-21-524373885-3733486968-3907603703-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-524373885-3733486968-3907603703-1003 - Limited - Enabled)
JacobJohn (S-1-5-21-524373885-3733486968-3907603703-1001 - Administrator - Enabled) => C:\Users\JacobJohn
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/01/2015 01:49:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm terminal.exe, Version 4.0.0.765 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 19998
Startzeit: 01d06c6bccd169a1
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe
Berichts-ID: 16059c53-d865-11e4-827f-206a8a9e0dbb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/01/2015 01:05:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm terminal.exe, Version 4.0.0.765 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 19698
Startzeit: 01d06c6b76fb44cc
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe
Berichts-ID: 06016932-d85f-11e4-827f-206a8a9e0dbb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/01/2015 01:00:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm terminal.exe, Version 4.0.0.765 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 18f44
Startzeit: 01d06c6af33ae310
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe
Berichts-ID: 5fd3a18f-d85e-11e4-827f-206a8a9e0dbb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/01/2015 00:59:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm terminal.exe, Version 4.0.0.765 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 13828
Startzeit: 01d06c69fcd806a3
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe
Berichts-ID: 2d444ffa-d85e-11e4-827f-206a8a9e0dbb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/01/2015 00:52:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm terminal.exe, Version 4.0.0.765 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 18b2c
Startzeit: 01d06c69cf5ed99b
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe
Berichts-ID: 376ceec4-d85d-11e4-827f-206a8a9e0dbb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/01/2015 00:51:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm terminal.exe, Version 4.0.0.765 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e730
Startzeit: 01d06c699c50ede6
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe
Berichts-ID: 07946204-d85d-11e4-827f-206a8a9e0dbb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/01/2015 00:50:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm terminal.exe, Version 4.0.0.765 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 15974
Startzeit: 01d06c6960523f29
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe
Berichts-ID: d747f0b4-d85c-11e4-827f-206a8a9e0dbb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/01/2015 00:48:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm terminal.exe, Version 4.0.0.765 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 191b4
Startzeit: 01d06c67b9c7d88f
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe
Berichts-ID: 9a4bfd92-d85c-11e4-827f-206a8a9e0dbb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/01/2015 10:07:41 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Recovery" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (04/01/2015 10:01:48 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Recovery" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
System errors:
=============
Error: (03/28/2015 05:33:46 PM) (Source: DCOM) (EventID: 10010) (User: JJP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/28/2015 05:33:46 PM) (Source: DCOM) (EventID: 10010) (User: JJP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/28/2015 01:19:23 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{604b2694-93d0-4580-9b27-561dd52f2783}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1D084264-2813-4395-983A-4E4548B09A9C}
Error: (03/28/2015 00:01:23 PM) (Source: DCOM) (EventID: 10010) (User: JJP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/28/2015 00:01:23 PM) (Source: DCOM) (EventID: 10010) (User: JJP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/28/2015 00:01:15 PM) (Source: DCOM) (EventID: 10010) (User: JJP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/28/2015 00:01:15 PM) (Source: DCOM) (EventID: 10010) (User: JJP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/26/2015 04:44:16 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{604b2694-93d0-4580-9b27-561dd52f2783}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{7E6194C9-00D3-4007-A305-BD4179F92BA6}
Error: (03/26/2015 02:33:57 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Acer" wurde eine Beschädigung erkannt.
In einer Indexstruktur des Dateisystems wurde eine Beschädigung gefunden. Die Dateireferenznummer ist 0x1000000001bc4. Der Name der Datei ist "\Windows\servicing\Packages". Das Attribut des beschädigten Indexes ist ":$I30:$INDEX_ALLOCATION".
Error: (03/26/2015 02:33:51 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{604b2694-93d0-4580-9b27-561dd52f2783}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A53E3199-5514-4814-99AD-A496F0B12F2C}
Microsoft Office Sessions:
=========================
Error: (04/01/2015 01:49:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: terminal.exe4.0.0.7651999801d06c6bccd169a14294967295C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe16059c53-d865-11e4-827f-206a8a9e0dbb
Error: (04/01/2015 01:05:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: terminal.exe4.0.0.7651969801d06c6b76fb44cc4294967295C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe06016932-d85f-11e4-827f-206a8a9e0dbb
Error: (04/01/2015 01:00:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: terminal.exe4.0.0.76518f4401d06c6af33ae3104294967295C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe5fd3a18f-d85e-11e4-827f-206a8a9e0dbb
Error: (04/01/2015 00:59:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: terminal.exe4.0.0.7651382801d06c69fcd806a34294967295C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe2d444ffa-d85e-11e4-827f-206a8a9e0dbb
Error: (04/01/2015 00:52:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: terminal.exe4.0.0.76518b2c01d06c69cf5ed99b4294967295C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe376ceec4-d85d-11e4-827f-206a8a9e0dbb
Error: (04/01/2015 00:51:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: terminal.exe4.0.0.765e73001d06c699c50ede64294967295C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe07946204-d85d-11e4-827f-206a8a9e0dbb
Error: (04/01/2015 00:50:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: terminal.exe4.0.0.7651597401d06c6960523f294294967295C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exed747f0b4-d85c-11e4-827f-206a8a9e0dbb
Error: (04/01/2015 00:48:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: terminal.exe4.0.0.765191b401d06c67b9c7d88f4294967295C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe9a4bfd92-d85c-11e4-827f-206a8a9e0dbb
Error: (04/01/2015 10:07:41 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: RecoveryFalscher Parameter. (0x80070057)
Error: (04/01/2015 10:01:48 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: RecoveryFalscher Parameter. (0x80070057)
CodeIntegrity Errors:
===================================
Date: 2015-03-16 05:28:46.872
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-16 05:28:46.797
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-16 05:28:46.717
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-16 05:28:37.098
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-16 05:28:37.025
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-16 05:28:36.828
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-16 05:28:36.750
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-16 05:28:30.184
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-16 05:28:30.100
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-03-16 05:28:26.315
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8115.27 MB
Available physical RAM: 5150.26 MB
Total Pagefile: 9507.27 MB
Available Pagefile: 5261.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:118.43 GB) (Free:66.33 GB) NTFS
Drive d: (DATA) (Fixed) (Total:915.33 GB) (Free:915.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 7F486DCA)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 7F486C39)
Partition: GPT Partition Type.
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by JacobJohn (administrator) on JJP on 01-04-2015 13:58:52
Running from C:\Users\JacobJohn\Downloads
Loaded Profiles: JacobJohn (Available profiles: JacobJohn)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Pokki) C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Pokki) C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\JacobJohn\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65280 2015-03-12] (Acer Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2015-03-04] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] ( (Atheros Communications))
HKU\S-1-5-21-524373885-3733486968-3907603703-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-524373885-3733486968-3907603703-1001\...\Run: [GoogleChromeAutoLaunch_DF460F60B985FD7D833470AA389650DE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
HKU\S-1-5-21-524373885-3733486968-3907603703-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-524373885-3733486968-3907603703-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2544896 2015-03-12] (Acer)
HKU\S-1-5-21-524373885-3733486968-3907603703-1001\...\RunOnce: [Application Restart #1] => C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppService.exe [7848776 2015-03-19] (Pokki)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-524373885-3733486968-3907603703-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-524373885-3733486968-3907603703-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-524373885-3733486968-3907603703-1001 -> DefaultScope {A9700063-A235-42DC-B0F6-3AC3C03A1378} URL =
SearchScopes: HKU\S-1-5-21-524373885-3733486968-3907603703-1001 -> {A9700063-A235-42DC-B0F6-3AC3C03A1378} URL =
SearchScopes: HKU\S-1-5-21-524373885-3733486968-3907603703-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-25] (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-25] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\JacobJohn\AppData\Roaming\Mozilla\Firefox\Profiles\hyj6tbp4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-524373885-3733486968-3907603703-1001: @citrixonline.com/appdetectorplugin -> C:\Users\JacobJohn\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-04] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\JacobJohn\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-24] (Cisco WebEx LLC)
FF Extension: Avira Browser Safety - C:\Users\JacobJohn\AppData\Roaming\Mozilla\Firefox\Profiles\hyj6tbp4.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: Adblock Plus - C:\Users\JacobJohn\AppData\Roaming\Mozilla\Firefox\Profiles\hyj6tbp4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-14]
Chrome:
=======
CHR Profile: C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-10]
CHR Extension: (Google Docs) - C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-10]
CHR Extension: (Google Drive) - C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-10]
CHR Extension: (YouTube) - C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-10]
CHR Extension: (Google Search) - C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-10]
CHR Extension: (Google Sheets) - C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-10]
CHR Extension: (SiteAdvisor) - C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-10]
CHR Extension: (Avira Browser Safety) - C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-10]
CHR Extension: (Gmail) - C:\Users\JacobJohn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-10]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-26]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 0095911426959265mcinstcleanup; C:\Users\JacobJohn\AppData\Local\Temp\0095911426959265mcinst.exe [851136 2014-08-08] (McAfee, Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2840832 2015-03-12] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-16] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
R3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-10] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S0 cfwids; system32\drivers\cfwids.sys [X]
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-01 13:58 - 2015-04-01 13:59 - 00022793 _____ () C:\Users\JacobJohn\Downloads\FRST.txt
2015-04-01 13:58 - 2015-04-01 13:59 - 00000000 ____D () C:\FRST
2015-04-01 13:58 - 2015-04-01 13:58 - 02095616 _____ (Farbar) C:\Users\JacobJohn\Downloads\FRST64.exe
2015-04-01 13:55 - 2015-04-01 13:55 - 00000480 _____ () C:\Users\JacobJohn\Downloads\defogger_disable.log
2015-04-01 13:55 - 2015-04-01 13:55 - 00000000 _____ () C:\Users\JacobJohn\defogger_reenable
2015-04-01 13:54 - 2015-04-01 13:54 - 00050477 _____ () C:\Users\JacobJohn\Downloads\Defogger.exe
2015-03-31 20:51 - 2015-03-31 20:51 - 00000000 ____D () C:\Users\JacobJohn\AppData\Local\AviraSpeedup
2015-03-31 16:23 - 2015-03-31 16:23 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-03-31 16:23 - 2015-03-31 16:23 - 00001109 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-03-31 16:23 - 2015-03-31 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-03-26 13:12 - 2015-03-26 13:14 - 42596495 _____ () C:\Users\JacobJohn\Downloads\MAX Scrolling Party - SAM - 10 March 2013 - Part 1 - Brokers & CRB Indicators.wmv
2015-03-24 23:13 - 2015-03-24 23:13 - 00944498 _____ () C:\Users\JacobJohn\Desktop\XAUUSD240.csv
2015-03-24 21:50 - 2015-03-24 21:50 - 00646600 _____ (Cisco WebEx LLC) C:\Users\JacobJohn\Downloads\Cisco_WebEx_Add-On.exe
2015-03-24 21:50 - 2015-03-24 21:50 - 00000000 __SHD () C:\Users\JacobJohn\Documents\cache
2015-03-24 21:50 - 2015-03-24 21:50 - 00000000 ____D () C:\Users\JacobJohn\AppData\Roaming\webex
2015-03-24 21:50 - 2015-03-24 21:50 - 00000000 ____D () C:\Users\JacobJohn\AppData\Local\WebEx
2015-03-24 21:50 - 2015-03-24 21:50 - 00000000 ____D () C:\ProgramData\WebEx
2015-03-24 10:33 - 2015-03-30 12:00 - 00054272 ___SH () C:\Users\JacobJohn\Downloads\Thumbs.db
2015-03-23 09:14 - 2015-03-23 09:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 19:33 - 2015-03-21 19:33 - 00000000 ____D () C:\Users\JacobJohn\AppData\Roaming\WildTangent
2015-03-21 19:33 - 2014-04-17 00:08 - 00658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1995022.exe
2015-03-21 19:32 - 2015-03-31 16:19 - 00000000 ____D () C:\Users\JacobJohn\AppData\Roaming\Avira
2015-03-21 19:32 - 2015-03-21 19:32 - 00000000 ____D () C:\Users\JacobJohn\abBox
2015-03-21 19:31 - 2015-03-21 19:31 - 00000000 ____D () C:\Users\JacobJohn\AppData\Local\acer
2015-03-21 19:24 - 2015-03-17 14:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-21 19:24 - 2015-03-17 14:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-21 19:24 - 2015-03-17 14:01 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-21 19:24 - 2015-03-17 14:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-21 19:18 - 2015-03-31 16:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-21 19:18 - 2015-03-31 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-21 19:18 - 2015-03-31 16:18 - 00000000 ____D () C:\ProgramData\Avira
2015-03-21 19:18 - 2015-03-21 19:18 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\JacobJohn\Downloads\avira_de_av_550da71665e78__ws (1).exe
2015-03-21 19:18 - 2015-03-21 19:18 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-21 19:17 - 2015-03-21 19:17 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\JacobJohn\Downloads\avira_de_av_550da71665e78__ws.exe
2015-03-19 07:32 - 2015-03-19 07:32 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-03-19 07:31 - 2015-03-19 07:32 - 00002028 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-03-19 07:30 - 2015-03-19 07:30 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-03-19 07:26 - 2015-03-19 07:27 - 00002005 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2015-03-19 07:24 - 2015-03-19 07:24 - 00001969 _____ () C:\Users\Public\Desktop\abDocs.lnk
2015-03-15 22:43 - 2015-03-15 22:43 - 00000000 ____D () C:\Users\JacobJohn\Tracing
2015-03-15 22:35 - 2015-04-01 11:57 - 00000000 ____D () C:\Users\JacobJohn\AppData\Roaming\Skype
2015-03-15 22:35 - 2015-03-15 22:35 - 00002715 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-15 22:35 - 2015-03-15 22:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-15 22:35 - 2015-03-15 22:35 - 00000000 ____D () C:\Users\JacobJohn\AppData\Local\Skype
2015-03-15 22:35 - 2015-03-15 22:35 - 00000000 ____D () C:\ProgramData\Skype
2015-03-15 22:35 - 2015-03-15 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-15 22:34 - 2015-03-15 22:34 - 01380448 _____ (Skype Technologies S.A.) C:\Users\JacobJohn\Downloads\SkypeSetup.exe
2015-03-15 22:26 - 2015-03-15 22:26 - 00000000 ____D () C:\Windows\System32\Tasks\GenericSettingsHandler
2015-03-11 03:46 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-11 03:46 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-11 03:46 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-11 03:46 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-11 03:46 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-11 03:46 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-11 03:46 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-11 03:46 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-11 03:46 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-11 03:46 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-11 03:44 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 03:44 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 03:44 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 03:44 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 03:44 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 03:44 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 03:44 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 03:44 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-11 03:44 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-11 03:44 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-11 03:44 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-11 03:44 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-11 03:44 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-11 03:44 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-11 03:44 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 03:44 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-11 03:44 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-11 03:44 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-11 03:44 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-11 03:44 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-11 03:44 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-11 03:44 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-11 03:44 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-11 03:44 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-11 03:44 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-11 03:44 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-11 03:44 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-11 03:44 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-11 03:44 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-11 03:44 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-11 03:44 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-11 03:44 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-11 03:44 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 03:44 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-11 03:44 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-11 03:44 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 03:44 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-11 03:44 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-11 03:44 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-11 03:44 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-11 03:44 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 03:44 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-11 03:44 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-11 03:44 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-11 03:44 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-11 03:44 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 03:44 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 03:44 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 03:44 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 03:44 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-03-11 03:44 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-03-11 03:44 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-03-11 03:44 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 03:44 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 03:44 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-03-11 03:44 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-03-11 03:44 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-03-11 03:44 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-03-11 03:44 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-03-11 03:44 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-03-11 03:44 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 03:44 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-03-11 03:44 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 03:44 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 03:44 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-03-11 03:44 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-03-11 03:44 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-03-11 03:44 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-03-11 03:44 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-03-11 03:44 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-03-11 03:44 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-03-11 03:44 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-03-11 03:44 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-03-11 03:44 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-11 03:44 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-03-11 03:44 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-11 03:44 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-03-11 03:44 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-03-11 03:44 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-03-11 03:44 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-03-11 03:42 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 03:42 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 03:42 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 03:42 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-11 03:42 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 03:42 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 03:42 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 03:42 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 03:42 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 03:42 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 03:42 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 03:42 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 03:42 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 03:42 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 03:42 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 03:42 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 03:42 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 03:42 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 03:42 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-11 03:42 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-11 03:42 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-11 03:42 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 03:42 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 03:42 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 03:42 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 03:42 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 03:42 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-11 03:42 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-11 03:42 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 03:42 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-11 03:42 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 03:42 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 03:42 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 03:42 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 03:42 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 03:42 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 03:42 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 03:41 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 03:41 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 03:41 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-11 03:41 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-11 03:41 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 03:41 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 03:41 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 03:41 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 03:41 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-11 03:41 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-11 03:41 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 03:41 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 03:41 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-09 09:08 - 2015-01-09 14:17 - 00025298 _____ () C:\Users\JacobJohn\Desktop\sam.tpl
2015-03-09 09:06 - 2009-10-22 10:30 - 00015492 _____ () C:\Users\JacobJohn\Desktop\s-Constant Range Bars.ex4
2015-03-09 09:05 - 2013-11-16 21:49 - 00003606 _____ () C:\Users\JacobJohn\Desktop\MAX CRB Range Calculator v1.ex4
2015-03-09 00:14 - 2015-03-09 00:14 - 00024920 _____ () C:\Users\JacobJohn\Downloads\FRX_i_RToffline_ConstantRangeBar_r10154.ex4
2015-03-08 19:53 - 2015-03-08 19:49 - 00000784 _____ () C:\Users\JacobJohn\Desktop\FRX_s_CustomDataGatheringM4_r10154.frx
2015-03-08 19:38 - 2015-03-08 19:38 - 00018896 _____ () C:\Users\JacobJohn\Downloads\FRX_s_CustomDataGatheringM4_r10154.ex4
2015-03-05 15:43 - 2015-03-05 16:00 - 00048455 _____ () C:\Users\JacobJohn\Downloads\MAX Trade Monitor.ex4
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-01 14:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-01 13:55 - 2014-11-25 11:06 - 00000000 ____D () C:\Users\JacobJohn
2015-04-01 13:54 - 2015-01-10 12:49 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 13:50 - 2014-12-04 14:56 - 00000594 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-524373885-3733486968-3907603703-1001.job
2015-04-01 13:20 - 2014-12-09 14:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 12:54 - 2014-09-25 07:16 - 01357375 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 08:49 - 2014-11-25 11:09 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{30163055-D3F1-43CA-BB93-C4B6754E455E}
2015-04-01 08:47 - 2014-11-25 11:06 - 00000000 ____D () C:\Users\JacobJohn\AppData\Local\Pokki
2015-04-01 08:46 - 2015-01-10 12:49 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d02cc322479d2b.job
2015-04-01 08:46 - 2014-11-25 11:08 - 00000000 ____D () C:\Users\JacobJohn\OneDrive
2015-04-01 08:46 - 2014-09-25 06:54 - 00214114 _____ () C:\Windows\SysWOW64\Gms.log
2015-04-01 01:35 - 2013-08-22 16:46 - 00037084 _____ () C:\Windows\setupact.log
2015-04-01 01:17 - 2014-09-25 16:12 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-04-01 01:17 - 2014-09-25 16:12 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-04-01 01:17 - 2014-03-18 12:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 00:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-31 21:24 - 2014-11-25 15:10 - 00000000 ____D () C:\Users\JacobJohn\AppData\Local\CrashDumps
2015-03-31 16:28 - 2014-11-25 11:12 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-524373885-3733486968-3907603703-1001
2015-03-30 15:18 - 2014-12-04 14:56 - 00003592 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-524373885-3733486968-3907603703-1001
2015-03-26 16:31 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-24 22:48 - 2014-12-07 19:51 - 00000000 ____D () C:\Users\JacobJohn\AppData\Roaming\vlc
2015-03-24 21:50 - 2014-11-25 23:58 - 00000000 ____D () C:\Users\JacobJohn\AppData\Roaming\Mozilla
2015-03-24 11:07 - 2014-11-25 16:36 - 00000000 ____D () C:\Users\JacobJohn\AppData\Roaming\MetaQuotes
2015-03-23 12:36 - 2014-11-25 23:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 21:18 - 2014-11-25 11:07 - 00000000 ____D () C:\Users\JacobJohn\AppData\Local\clear.fi
2015-03-22 12:16 - 2014-11-25 11:09 - 00002331 _____ () C:\Users\JacobJohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-03-21 19:35 - 2014-07-14 19:58 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-21 19:35 - 2014-07-14 19:58 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-03-21 19:35 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-03-21 19:34 - 2014-07-14 19:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 19:34 - 2014-07-14 19:36 - 00000000 ____D () C:\Users\Administrator
2015-03-21 19:33 - 2014-07-14 19:55 - 00000000 ____D () C:\ProgramData\WildTangent
2015-03-21 19:31 - 2014-09-25 06:55 - 00000000 ____D () C:\ProgramData\OEM
2015-03-21 19:28 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-21 19:27 - 2014-07-14 19:58 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-21 19:27 - 2014-03-18 11:54 - 00019524 _____ () C:\Windows\PFRO.log
2015-03-21 19:27 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-21 19:27 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-21 19:18 - 2014-09-25 06:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-21 02:56 - 2015-01-10 12:51 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-19 07:32 - 2014-09-25 06:55 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-03-19 07:31 - 2014-09-25 06:55 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-03-17 10:55 - 2015-02-27 08:20 - 00000000 ____D () C:\Users\JacobJohn\Desktop\trading
2015-03-13 07:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-03-12 01:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 01:42 - 2013-08-22 16:44 - 00346960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 01:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 01:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 01:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 01:41 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 01:41 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 01:41 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 04:27 - 2014-11-26 13:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 04:25 - 2014-11-26 13:35 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-05 16:09 - 2015-03-01 14:29 - 00000000 ____D () C:\Program Files (x86)\FXCM MetaTrader 4
2015-03-05 15:55 - 2015-01-11 13:11 - 00000000 ____D () C:\Program Files (x86)\MAX Trade Monitor
2015-03-05 15:55 - 2014-12-09 20:32 - 00000000 ____D () C:\Program Files (x86)\Ava MetaTrader
2015-03-04 23:24 - 2014-07-14 19:54 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 23:24 - 2014-07-14 19:54 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 15:17 - 2015-03-01 14:19 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2014-12-04 14:13 - 2014-12-04 14:13 - 0015872 _____ () C:\Program Files\DDE-Sample.xls
2014-12-04 14:13 - 2014-12-18 23:52 - 4372816 _____ (MetaQuotes Software Corp.) C:\Program Files\metaeditor.exe
2014-12-04 14:13 - 2014-12-18 23:52 - 11103384 _____ (MetaQuotes Software Corp.) C:\Program Files\terminal.exe
2014-12-04 14:13 - 2014-12-04 14:13 - 0045126 _____ () C:\Program Files\terminal.ico
2014-12-04 14:13 - 2014-12-04 14:09 - 0465208 _____ (MetaQuotes Software Corp.) C:\Program Files\uninstall.exe
2014-09-25 06:51 - 2014-09-25 06:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-21 19:33 - 2014-04-17 00:08 - 0658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1995022.exe
Files to move or delete:
====================
C:\ProgramData\uninstall1995022.exe
Some content of TEMP:
====================
C:\Users\JacobJohn\AppData\Local\Temp\0095911426959265mcinst.exe
C:\Users\JacobJohn\AppData\Local\Temp\avgnt.exe
C:\Users\JacobJohn\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\JacobJohn\AppData\Local\Temp\mccspuninstall.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct1618.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct1FC2.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct2263.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct2D42.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct3452.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct3ECE.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct45BA.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct5059.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct7482.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct82A7.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct8748.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct8B8D.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\oct8DF9.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\octC1E.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\octCC8E.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\octCCBA.tmp.exe
C:\Users\JacobJohn\AppData\Local\Temp\octEDAF.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-28 13:17
==================== End Of Log ============================
Gmer
GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-01 14:11:10
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003d KINGSTON_RBU-SNS8100S3128GD rev.S8FM06.9 119,24GB
Running: lds7q5wg.exe; Driver: C:\Users\JACOBJ~1\AppData\Local\Temp\ugldypow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600017fa00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 17 fffff9600017fa11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\nvvsvc.exe[89168] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffaf53f169a 4 bytes [3F, F5, FA, 7F]
.text C:\Windows\system32\nvvsvc.exe[89168] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffaf53f16a2 4 bytes [3F, F5, FA, 7F]
.text C:\Windows\system32\nvvsvc.exe[89168] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffaf53f181a 4 bytes [3F, F5, FA, 7F]
.text C:\Windows\system32\nvvsvc.exe[89168] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffaf53f1832 4 bytes [3F, F5, FA, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [66772:73516] fffff960009cab90
---- Processes - GMER 2.1 ----
Library C:\Users\JacobJohn\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppService.exe [104528] (Chromium/The Chromium Authors)(2015-03-19 17:19:00) 000000000fda0000
Library C:\Users\JacobJohn\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppService.exe [104528] (ICU Data DLL/The ICU Project)(2015-01-04 04:06:14) 0000000051f40000
Library C:\Users\JacobJohn\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppService.exe [103196] (Chromium/The Chromium Authors)(2015-03-19 17:19:00) 000000000fda0000
Library C:\Users\JacobJohn\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppService.exe [103196] (ICU Data DLL/The ICU Project)(2015-01-04 04:06:14) 0000000051f40000
Library C:\Users\JacobJohn\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll (*** suspicious ***) @ C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppService.exe [103196](2015-01-04 04:06:14) 00000000569c0000
Library C:\Users\JacobJohn\AppData\Local\Pokki\Engine\avcodec-54.dll (*** suspicious ***) @ C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppService.exe [103196](2015-01-04 04:06:14) 0000000054950000
Library C:\Users\JacobJohn\AppData\Local\Pokki\Engine\avutil-51.dll (*** suspicious ***) @ C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppService.exe [103196](2015-01-04 04:06:14) 0000000054ee0000
Library C:\Users\JacobJohn\AppData\Local\Pokki\Engine\avformat-54.dll (*** suspicious ***) @ C:\Users\JacobJohn\AppData\Local\Pokki\Engine\HostAppService.exe [103196](2015-01-04 04:06:14) 0000000054ea0000
Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c\Microsoft.PerfTrack.dll (*** suspicious ***) @ C:\Windows\syswow64\wwahost.exe [88696] (Microsoft.PerfTrack.dll/Microsoft Corporation)(2014-09-25 04:30:52) 0000000072930000
Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c\LibWrap.dll (*** suspicious ***) @ C:\Windows\syswow64\wwahost.exe [88696] (Microsoft Skype/Microsoft Corporation)(2014-12-14 09:42:13) 000000000f7a0000
Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c\MicrosoftAdvertising.dll (*** suspicious ***) @ C:\Windows\syswow64\wwahost.exe [88696] (Microsoft Advertising Native SDK for Windows 8/Microsoft Corporation)(2014-09-25 04:30:52) 0000000050530000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----